Jump to content

Search the Community

Showing results for tags 'Redirect'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. I've been trying for days to get rid of this click.sureonlinefind.com Google redirect. I've tried everything I can think of. I've bought the pro version of Malwarebytes, and I notice that every once in awhile it tries to connect to 194.14.0.170, not sure if they're related, but MB blocks that. Bit of Googling shows it's part of maybe a Pirate bay group, and I don't even really use torrents anymore so I even uninstalled uTorrent. I've tried: Esets ADW HitmanPro RogueKiller TDSSkiller Combofix MBam's Anti-Rootkit Emisoft Anti Malware (currently running that as my live protection). Not sure if the IP address is a false positive, but the search redirect is annoying. Doesn't happen all the time, maybe once every 10 clicks I click in Google. AND it only affects my Firefox searches. Chrome seems fine. Tried searching the about:config in Firefox for entries, but didn't find any. The above softwares did find some things, but after googling, don't seem like they were related. Please help... dds.txt attach.txt
  2. Help, My first virus. I am freaking out. Whenever I do a google search from the search bar in Firefox/Chrome, my computer redirects to some random site trying to sell me some products. Also, Malwarebytes keeps telling me that it bocked suspicious activity to 109.236.82.107 through port:49242 from program iexplorer.exe. This happened over the last few days. I didn't do any searches on Saturday. So, I could have been infected from Friday to Today. I have been looking at numerous websites. But, I didn't download anything these past few days. I have activity logs from various malware programs that I ran. Please help. I can attach whatever logs you want. Abracadabra
  3. My girlfriend decided to download the digital media program known as "SAI" but inadvertantly also installed the "SweetPacks" toolbar. After some fiddling, I decided to run Malwarebytes and Spybot Search & Destroy. Spybot found several pieces of addware, and apparently cleaned them up, including sweetpacks. Malwarebytes continually becomes non responsive several hours into the scan, but 100000 files in, and still no problem files found. This all sounded good, except her home page is still sweetpacks and she still has the tool bar. I have run dss, and have the two reports, as shown below. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.19088 Run by Savannah at 16:07:56 on 2013-05-03 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1915.1056 [GMT -7:00] . AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\SLsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\SearchProtect\bin\CltMngSvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Program Files\WinZip\WZQKPICK32.EXE C:\Windows\system32\WerCon.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\igfxext.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Savannah\AppData\Roaming\SearchProtect\bin\cltmng.exe C:\Windows\system32\wbem\unsecapp.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup . ============== Pseudo HJT Report =============== . uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s uURLSearchHooks: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll mURLSearchHooks: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - c:\program files\arcsoft\media converter for philips\internet video downloader\ArcURLRecord.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll TB: Search Spin Toolbar: {FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C} - c:\program files\search_spin\prxtbSear.dll TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe uRun: [searchProtect] c:\users\savannah\appdata\roaming\searchprotect\bin\cltmng.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [NDSTray.exe] NDSTray.exe mRun: [cfFncEnabler.exe] cfFncEnabler.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [searchProtectAll] c:\program files\searchprotect\bin\cltmng.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\philip~1.lnk - c:\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{41FF72CF-98A8-4D8A-8336-8F21340D67B4} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: igfxcui - igfxdev.dll AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&CUI=UN13097975252358819&UM=2&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&SearchSource=2&CUI=UN13097975252358819&UM=&q= FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll FF - plugin: c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}\plugins\np-mswmp.dll FF - plugin: c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}\plugins\npConduitFirefoxPlugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll FF - ExtSQL: 2013-04-15 21:09; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF - ExtSQL: 2013-04-15 21:10; {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} FF - ExtSQL: 2049-12-31 14:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi FF - ExtSQL: !HIDDEN! 2009-07-25 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090910.001\IDSvix86.sys [2009-9-10 272432] R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-5-25 25896] R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-4-11 93984] R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352] R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-5-3 40776] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2009-5-25 290304] R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-9-30 1245064] R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-2 102448] S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192] S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216] S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2013-05-03 20:48:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-05-03 20:47:34 -------- d-----w- c:\users\savannah\appdata\roaming\SearchProtect 2013-05-03 19:00:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-05-03 19:00:03 -------- d-----w- c:\program files\Spybot - Search & Destroy 2013-05-03 18:57:36 -------- d-----w- c:\users\savannah\appdata\roaming\Malwarebytes 2013-05-03 18:57:18 -------- d-----w- c:\programdata\Malwarebytes 2013-05-03 18:57:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-03 18:57:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-04-30 09:12:38 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d1bf4a4c-09e3-47dd-b600-a9e1caba12c8}\mpengine.dll 2013-04-16 04:11:05 -------- d-----w- c:\program files\Conduit 2013-04-16 04:11:04 -------- d-----w- c:\users\savannah\appdata\roaming\SYSTEMAX Software Development 2013-04-16 04:11:04 -------- d-----w- c:\programdata\SYSTEMAX Software Development 2013-04-16 04:10:53 -------- d-----w- c:\users\savannah\appdata\local\Conduit 2013-04-16 04:10:53 -------- d-----w- c:\program files\Search_Spin 2013-04-16 04:10:39 -------- d-----w- c:\program files\SearchProtect 2013-04-16 04:10:38 770384 ----a-w- c:\windows\system32\msvcr100.dll 2013-04-16 04:10:38 421200 ----a-w- c:\windows\system32\msvcp100.dll 2013-04-16 04:10:07 -------- d-----w- c:\program files\SearchGBY 2013-04-16 00:16:08 -------- d-----w- c:\users\savannah\.thumbnails 2013-04-16 00:14:05 -------- d-----w- c:\users\savannah\appdata\local\fontconfig 2013-04-16 00:14:01 -------- d-----w- c:\users\savannah\appdata\local\gegl-0.2 2013-04-16 00:14:01 -------- d-----w- c:\users\savannah\.gimp-2.8 2013-04-16 00:07:42 -------- d-----w- c:\program files\GIMP 2 . ==================== Find3M ==================== . 2013-03-19 22:58:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-19 22:58:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-12 08:10:56 237088 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 16:09:07.49 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume2 Install Date: 5/25/2009 5:18:13 AM System Uptime: 5/3/2013 1:46:23 PM (3 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 140 GiB total, 52.839 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Acrobat.com Adobe Flash Player 11 Plugin Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 9 Amazon Links AppCore Apple Application Support Apple Mobile Device Support Apple Software Update Backup Bonjour ccCommon CD/DVD Drive Acoustic Silencer Compatibility Pack for the 2007 Office system DVD MovieFactory for TOSHIBA GearDrvs GIMP 2.8.4 GoGear VIBE Device Manager Google Desktop Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager iTunes Java 6 Update 6 League of Legends LiveUpdate (Symantec Corporation) Malwarebytes Anti-Malware version 1.75.0.1300 Media Converter for Philips Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Works Microsoft XML Parser Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton 360 Norton 360 (Symantec Corporation) Norton 360 HTMLHelp Norton Confidential Core Opera 11.60 PaintTool SAI Ver.1 Pando Media Booster Picasa 2 QuickBooks Financial Center QuickTime Razer Game Booster Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver REALTEK RTL8187B Wireless LAN Driver Realtek USB 2.0 Card Reader Realtek WiFi Protected Setup Library RuneScape Launcher 1.2.2 Search Protect by conduit Search Spin Toolbar Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) SPBBC 32bit Spybot - Search & Destroy Symantec Real Time Storage Protection Component Symantec Technical Support Controls SymNet Synaptics Pointing Device Driver TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Desktop Links TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Hardware Setup TOSHIBA Recovery Disc Creator Toshiba Registration TOSHIBA Service Station TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 TOSHIBA Supervisor Password TOSHIBA Value Added Package Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update Installer for WildTangent Games App WildTangent Games WildTangent Games App (Toshiba Games) Windows Media Encoder 9 Series WinRAR 4.01 (32-bit) WinZip 16.5 World of Warcraft World of Warcraft Trial . ==== End Of File ===========================
  4. Hi all, Thanks for having me. I've had the strangest experience and wasn't sure what category to put this in. Basically, I've spent the better part of 2 days reverse engineering a redirect exploit (I'm a software engineer) and I BELIEVE I have traced it to ebine.com. Not only that, I BELIEVE that google and ebine are colluding to create popular dislike of "do not track", which ebine strangely mischaracterizes and on the same site offers a downloadable IE "plugin" to "truly" block advertisers. What it actually does is redirect you to funny sites whenever you use IE; to sites like ad-g.doubleclick.net. This is NOT the same as the older doubleclick hacks that sent users to the same domain. This is being exploited because it is so easy to do so. Further, I found virtually nothing on google about this exploit, which is very odd. Almost always when we find something in the wild it inevitably ends up as easily searchable online. It could be that the exploit is very new, dunno. Anyway, just wanted to share, jm
  5. Greetings, I would appreciate some assistance with the Live Search redirect virus. It has impacted all three of my browers, Norton can't find and MWB identifies a virus but then stops working before the scan is complete. Looking at the forum it looks like the best way to start is with this info; Thank you in advance! Jeff DDS.txt Log: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 1.6.0_37 Run by Administrator at 14:34:44 on 2013-04-08 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.1252 [GMT -7:00] . AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\SysWOW64\ASTSRV.EXE C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe C:\Windows\SysWOW64\NLSSRV32.EXE C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Smith Micro\StuffIt 2009\ArcNameService.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe C:\Windows\system32\taskeng.exe C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\TechSmith\SnagIt 9\TSCHelp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\TechSmith\SnagIt 9\SnagPriv.exe C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\TechSmith\SnagIt 9\snagiteditor.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe C:\Windows\System32\msdtc.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\prevhost.exe C:\Windows\SysWOW64\prevhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://my.yahoo.com/ uSearch Bar = Preserve mWinlogon: Userinit = userinit.exe, BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - <orphaned> BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup uRun: [steam] "X:\Games\Steam\Steam.exe" -silent uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe uRun: [Akamai NetSession Interface] "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe" uRun: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [{9E5322B8-7078-43EA-8AD6-9F905FC9C231}] rundll32 "C:\Users\Administrator\AppData\Local\{587DC353-14FF-48AD-B9DF-8C03FD948118}\{9E5322B8-7078-43EA-8AD6-9F905FC9C231}\kluspopx.dll",K_SetArg mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start mRun: [Nuance OmniPage 17-reminder] "C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 17\Ereg\Ereg.ini" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe" mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" dRun: [{9E5322B8-7078-43EA-8AD6-9F905FC9C231}] rundll32 "C:\Users\Administrator\AppData\Local\{587DC353-14FF-48AD-B9DF-8C03FD948118}\{9E5322B8-7078-43EA-8AD6-9F905FC9C231}\kluspopx.dll",K_SetArg StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Dimdim.lnk - C:\Program Files (x86)\Dimdim\Plugin\Application\Dimdim.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCPROT~1.LNK - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://tempo5.sandicor.com/5.2.06.12571/Control/IRCSharc.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intercall.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{1C096589-77A6-411F-BF72-97712B9514E0} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll Handler: wlmailhtml - <Clsid value has no data> Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - <orphaned> x64-Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - <orphaned> x64-Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - <orphaned> x64-Handler: wlmailhtml - <Clsid value has no data> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dedri9us.default\ FF - prefs.js: browser.search.selectedEngine - My Web Search FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_3_6\components\coFFPlgn.dll FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll FF - plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\2.bin\NP2pEISb.dll FF - plugin: C:\Program Files (x86)\Dimdim\Plugin\Application\npDimDimControl.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: C:\Users\Administrator\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-4-14 72240] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-4-14 15920] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-17 55856] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120] R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2010-8-2 21544] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-21 1387608] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072] R1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\Windows\System32\drivers\NSTx64\0200000.010\ccSetx64.sys [2011-12-4 167048] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20130405.001\IDSviA64.sys [2013-4-5 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624] R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624] R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464] R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2010-8-2 68136] R2 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2011-12-4 1029480] R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-11-16 57856] R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-2 13336] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-1 375728] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-9-7 72216] R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272] R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-9-5 216072] R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-6-3 69640] R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-12-4 138760] R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2010-8-2 114688] R2 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2011-12-4 1037672] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R3 dfmirage;dfmirage;C:\Windows\System32\drivers\dfmirage.sys [2009-3-28 36432] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-16 138912] R3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2009-9-21 66608] R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-8-2 30528] R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304] R3 NmPar;PCI Parallel Port;C:\Windows\System32\drivers\NmPar.sys [2010-1-12 95744] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-2 346144] R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-13 9728] R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-9-21 2963960] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 398184] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 682344] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2010-5-14 24032] S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-8-1 25640] S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-2-12 2227216] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-5-14 329952] S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-5-14 6465760] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-10-14 24176] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-1 19456] S3 SymDSMon;SymDSMon;C:\Windows\System32\drivers\SymDSMon.sys [2011-12-4 191232] S3 SYMSpeedDisk;SYMSpeedDisk;C:\Windows\System32\drivers\SymSpeedDisk.sys [2011-12-4 163384] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-1 57856] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-1 1255736] . =============== File Associations =============== . ShellExec: pi11.exe: Open="C:\Program Files (x86)\Microsoft Digital Image 2006\pi.exe" "%1" . =============== Created Last 30 ================ . 2013-04-07 06:07:17 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll 2013-04-07 06:07:14 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe 2013-04-07 06:07:14 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2013-03-22 18:58:16 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2013-03-22 18:58:07 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2013-03-22 18:58:07 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2013-03-22 18:58:07 193584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2013-03-22 18:58:07 115608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe 2013-03-16 21:48:04 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ==================== Find3M ==================== . 2013-04-07 22:46:49 30528 ----a-w- C:\Windows\GVTDrv64.sys 2013-04-07 22:46:22 25640 ----a-w- C:\Windows\gdrv.sys 2013-03-12 23:43:27 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 23:43:27 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-30 02:15:04 50800 ----a-w- C:\Windows\System32\drivers\point64.sys 2013-01-21 19:12:12 2177664 ----a-w- C:\Windows\System32\coin93.dll 2013-01-18 15:15:24 550176 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2013-01-18 15:00:28 6390048 ----a-w- C:\Windows\System32\nvcpl.dll 2013-01-18 15:00:28 3460896 ----a-w- C:\Windows\System32\nvsvc64.dll 2013-01-18 15:00:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe 2013-01-18 15:00:11 63776 ----a-w- C:\Windows\System32\nvshext.dll 2013-01-18 15:00:11 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll 2013-01-18 15:00:11 118560 ----a-w- C:\Windows\System32\nvmctray.dll 2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll 2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll 2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll 2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll 2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll 2008-03-19 22:50:26 97280 ----a-w- C:\Program Files (x86)\Common Files\pcsbClean.exe 2008-03-07 02:31:44 134656 ----a-w- C:\Program Files (x86)\Common Files\PCSBoff.exe . ============= FINISH: 14:36:30.37 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 8/2/2010 4:20:50 AM System Uptime: 4/7/2013 3:44:47 PM (23 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | P55-USB3 Processor: Intel® Core i5 CPU 750 @ 2.67GHz | Socket 1156 | 2661/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 199 GiB total, 82.166 GiB free. D: is CDROM () E: is FIXED (NTFS) - 932 GiB total, 248.414 GiB free. F: is Removable X: is FIXED (NTFS) - 732 GiB total, 490.417 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP3373: 3/31/2013 2:00:13 AM - Automatic creation RP3376: 4/1/2013 8:36:42 AM - Automatic creation RP3378: 4/2/2013 2:00:16 AM - Automatic creation RP3383: 4/3/2013 3:02:59 AM - Automatic creation RP3385: 4/4/2013 2:00:18 AM - Automatic creation RP3390: 4/5/2013 3:03:05 AM - Automatic creation RP3394: 4/6/2013 3:03:13 AM - Automatic creation RP3403: 4/7/2013 4:15:22 PM - Automatic creation RP3405: 4/8/2013 2:07:30 AM - Automatic creation . ==== Installed Programs ====================== . @BIOS A.F.5 Rename your files 1.1 Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 10 Adobe Photoshop Elements 6.0 Adobe Photoshop.com Inspiration Browser Adobe Premiere Elements 10 Adobe Premiere Elements 10 Content 1 Adobe Premiere Elements 10 Content 2 Adobe Premiere Elements 10 Content 3 Adobe Reader XI (11.0.02) Adobe Shockwave Player 11.5 Akamai NetSession Interface Alien Swarm AnswerWorks 5.0 English Runtime Apple Application Support Apple Mobile Device Support Apple Software Update Audible Download Manager AutoGreen B09.1014.2 Avery Wizard 4.0 Batch Update Bible Data Type System Files Bonjour Browser Configuration Utility Call of Duty® 4 - Modern Warfare CameraHelperMsi Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Utilities CameraWindow Canon Utilities CameraWindow DC 8 Canon Utilities Digital Photo Professional 3.9 Canon Utilities MyCamera Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CCleaner Cisco Connect Cisco WebEx Meetings Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) Citrix XenApp Web Plugin Common System Files Content Manager Crysis® SP Demo D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DES 2.0 DeviceAnywhere Studio Easy Tune 6 B10.0420.1 Elements 10 Organizer erLT EVGA Precision 1.9.5 Finding Nemo Fraps Google Chrome Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper Graphical Query Editor High-Definition Video Playback HP Officejet Pro 8500 A910 Basic Device Software HP Officejet Pro 8500 A910 Help HP Update Hulu Desktop I.R.I.S. OCR iCloud ImagXpress Intel® Control Center Intel® Rapid Storage Technology iSEEK AnswerWorks English Runtime iTunes Java Auto Updater Java 6 Update 37 Junk Mail filter update LEGO Star Wars II Libronix Digital Library System Libronix DLS Application Libronix DLS Shortcuts LibronixUpdate LiveUpdate 3.2 (Symantec Corporation) LLS Resource Driver Logitech Vid HD Logitech Webcam Software LogMeIn LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 1.70.0.1100 Marketsplash Shortcuts Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Digital Image Library 9 - Blocker Microsoft Digital Image Starter Edition 2006 Microsoft Digital Image Starter Edition 2006 Editor Microsoft Digital Image Starter Edition 2006 Library Microsoft Math Worksheet Generator Microsoft Mathematics Add-in (32-bit) Microsoft Mouse and Keyboard Center Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MobileMe Control Panel Movie Maker Mozilla Firefox 19.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Napoleon: Total War Natural Color Pro NEC Electronics USB 3.0 Host Controller Driver Nero 11 Nero 11 Cliparts Nero 11 Disc Menus Basic Nero 11 Effects Basic Nero 11 Image Samples Nero 11 Kwik Themes Basic Nero 11 PiP Effects Basic Nero 11 Video Samples Nero Audio Pack 1 Nero BackItUp 11 Nero BackItUp 11 Help (CHM) Nero Backup Drivers Nero Burning ROM 11 Nero Burning ROM 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero CoverDesigner 11 Nero CoverDesigner 11 Help (CHM) Nero Express 11 Nero Express 11 Help (CHM) Nero Kwik Media Nero Kwik Media Help (CHM) Nero Recode 11 Nero Recode 11 Help (CHM) Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero SharedVideoCodecs Nero SoundTrax 11 Nero SoundTrax 11 Help (CHM) Nero Update Nero Video 11 Nero Video 11 Help (CHM) Nero WaveEditor 11 Nero WaveEditor 11 Help (CHM) nero.prerequisites.msi neroxml Nitro Pro 7 Norton Ghost Norton Internet Security Norton Safe Web Lite Norton Utilities 15 Nuance OmniPage 17 NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA Display Control Panel NVIDIA Graphics Driver 311.06 NVIDIA Install Application NVIDIA PhysX NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.3.5 NVIDIA Update Components OEB Resource Driver Office Animation Runtime ON_OFF Charge B10.0422.2 OverDrive Media Console Path Copy Copy 2.0 PC Study Bible (remove only) PC Study Bible 3/4 - Life Application Bible Commentary PDF Resource Driver Photo Common Photo Gallery Play with the Teletubbies v1.0 PRE10STI64Installer PSE10 STI Installer Quicken 2009 Quicken 2012 QuickTime Rainmeter Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Samsung_MonSetup Scholastic's I SPY Spooky Mansion Deluxe Screen Sharing Plug-in Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Sentence Diagramming Smart 6 B10.0422.1 SmartSound Common Data SmartSound Premiere Elements 10 x64 Plugin SmartSound Sonicfire Pro 5 SnagIt 9 Star Wars Battlefront Star Wars Battlefront II Steam StuffIt 2009 The Elder Scrolls IV: Oblivion Unofficial Shivering Isles Patch v1.4.0 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition vShare Plugin Walmart MP3 Music Downloads WebMeeting Plug-in WebSlingPlayer ActiveX Welcome App (Start-up experience) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 4/8/2013 3:01:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2799494). 4/7/2013 6:31:29 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004 4/7/2013 3:49:00 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 4/7/2013 3:49:00 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 4/6/2013 9:22:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. 4/6/2013 9:13:32 PM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s). 4/1/2013 8:06:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000077 (0x0000000000000001, 0x0000000000000000, 0x0000000000000000, 0xfffff88002db7fc0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040113-69794-01. . ==== End Of File ===========================
  6. Hi. Thanks for taking the time to look at my case. I have been experiencing the click.livesearchnow redirect virus issue in both Internet Explorer v9 and Google Chrome. I ran Malware bytes free version and came back with a trojan happili about a week ago and removed that. but the malicious redirect problem still happens. i clean out my history, caches and all that on a regular basis and sometimes it SEEMS like the redirect stops. I can run a search in google or yahoo search or whatever and open up links without issue. Then two days later the redirect comes back. It's driving me crazy :/ In addition to running scans on malware bytes every other day or so I also downloaded CCleaner (I saw it suggested in one of the forums here) and used that to wipe out the temp files and so forth. But the redirects in the browsers remain. I've attached the attach.txt and dds. txt files here. Oh P.S. I have Windows 7 Thank you so much! attach.txt dds.txt
  7. I attached my hijackthis.log. I use McAfee Anti-Virus, Malwarebytes, and Spybot Search and Destroy. None of these seem to find the problem. Thankfully McAfee blocks the sites when they pop up and ask me if I'm sure I want to vist them. The problem started several months ago before I installed Malwarebytes and Spybot. When I run Spybot it seems to clear up for a short while before returing. My understanding is it may bit a root kit virus and I've had no luck getting rid of it myself. I'm fairly tech savvy but I'm no expert and this driving me insane. The redirect seems to happen on several search engines but I normally use google. I use Firefox but have also experienced the problem in Google Chrome and IE. Help at this point would be greatly appreciated. hijackthis.log
  8. I have removed this infection twice I think with combofix, but I must be wrong because it keeps reappearing. It does nothing to my desktop, and Spybot notifies me each time I start the computer up that it's trying to delete my CMD, taskMGR, drivers, and a few other components. I simply click deny and remember that decision. It is a redirect infection. I have conquered it and been without redirection for the rest of the day, but every time I restart the computer it seems to reinfect my machine. I have scanned multiple times with TDSSkiller, Malewarebytes, and Rougekiller, as well as Combofix only to come up empty handed. There is some pretty important data (pictures etc..) and I don't want to factory reset or have the computer enter a state of nonoperational meltdown during my attempted fixings so I am asking for help. ---------------------------------------------------------------Here is my Hijackthis log and hope someone will be available on the forums to assist me. Thank you.--------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:14:06 AM, on 1/12/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Users\computer\AppData\Local\Akamai\netsession_win.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\computer\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run] "C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file) O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file) O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10201 bytes</local> I will be back around 11 to continue this forum* Thank you for the help and patience.
  9. I have been having the FindGala redirect problem. I have run MBAM but have found nothing. I have also found various ways to supposedly fix this issue but none are the same. Please HELP! Thanks
  10. I am running Windows 7 Starter on an ASUS EePC 1015PX. For some time, links to websites from Google have been redirecting to advertisements. I have installed Ad-Aware but it has not solved the problem. Could anyone explain how I can remove the virus? Many thanks, Tom
  11. Hi Gringo, Here's the pertinent info from and up to when the posts were lost. I also had to re-register as my account was gone too. The issue was intermittent redirect of search results. When searching, the results come back fine however when clicking on them, redirect to various sites. Issue was with all browsers and search engines. After seeing the dds report you asked me to run Security Check, Adwcleaner and Rougekiller. All ran fine, logs follow. After running these utilities a quick browser check showed that problem still exists with Firefox - it may however be gone from IE. I've not had the problem in IE when trying to make it happen again. Results of screen317's Security Check version 0.99.54 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Windows Defender Malwarebytes Anti-Malware version 1.65.1.1000 Java 7 Update 9 Adobe Flash Player 11.4.402.287 Adobe Reader 6 Adobe Reader out of Date! Mozilla Firefox 14.0.1 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Windows Defender MSASCui.exe Windows Defender MsMpEng.exe Windows Defender MSASCui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 3% ````````````````````End of Log`````````````````````` # AdwCleaner v2.006 - Logfile created 11/01/2012 at 12:42:27 # Updated 30/10/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : clintball - DELL170L # Boot Mode : Normal # Running from : C:\Documents and Settings\clintball\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (en-US) Profile name : default File : C:\Documents and Settings\clintball\Application Data\Mozilla\Firefox\Profiles\bt1dn9cn.default\prefs.js [OK] File is clean. Profile name : default File : C:\Documents and Settings\clint\Application Data\Mozilla\Firefox\Profiles\ns6tzsfi.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [3112 octets] - [22/10/2012 12:47:14] AdwCleaner[s1].txt - [1221 octets] - [22/10/2012 13:40:21] AdwCleaner[R2].txt - [1161 octets] - [22/10/2012 13:53:09] AdwCleaner[s2].txt - [1609 octets] - [01/11/2012 12:42:27] ########## EOF - C:\AdwCleaner[s2].txt - [1669 octets] ########## RogueKiller V8.2.1 [10/29/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : clintball [Admin rights] Mode : Remove -- Date : 11/01/2012 12:48:29 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=192.168.1.9:80;gopher=192.168.1.9:80;hxxp=192.168.1.9:80;hxxps=192.168.1.9:80;socks=192.168.1.9:1080) -> NOT REMOVED, USE PROXYFIX [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD800BB-75JHC0 +++++ --- User --- [MBR] 3f600efdb21dfe69d36a6b2a42a5d564 [bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 76245 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt
  12. Hello All, I've been using this forum to try to rid my laptop of this Google Redirect Virus, but nothing seems to take. If someone could please help me out, it would be really appreciated. Here are my logs: DDS (Ver_2012-10-14.05) - NTFS_x86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by JOVY at 17:20:37 on 2012-10-16 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1421 [GMT -7:00] . AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\spoolsv.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Canon\DIAS\CnxDIAS.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\Explorer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = about:blank BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{DCD8641A-2A95-4BA3-B3B4-D8100439DFDE} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{DCD8641A-2A95-4BA3-B3B4-D8100439DFDE}\0527573616346513 : DHCPNameServer = 75.49.64.94 68.94.156.1 192.168.40.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\program files\baidu\baiduplayer\1.12.0.11\npxbdyy.dll FF - plugin: c:\program files\baidu\baiduplayer\1.12.0.11\npxbdyyreg.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\users\jovy\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - ExtSQL: 2012-08-24 16:33; closetabstotheright@4kwh.net; c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\extensions\closetabstotheright@4kwh.net.xpi FF - ExtSQL: 2012-08-24 17:08; firegestures@xuldev.org; c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\extensions\firegestures@xuldev.org.xpi . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-9-23 65192] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-2 116648] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-2 116648] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 115168] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184] S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336] . =============== Created Last 30 ================ . 2012-10-16 22:33:08 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{927ce751-6edf-411f-bcf4-b7d56f452e64}\offreg.dll 2012-10-16 22:32:38 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{927ce751-6edf-411f-bcf4-b7d56f452e64}\mpengine.dll 2012-10-16 22:23:19 -------- d-----w- C:\$RECYCLE.BIN 2012-10-16 22:21:50 -------- d-----w- c:\users\jovy\appdata\local\temp 2012-10-16 01:43:56 -------- d-----w- c:\users\jovy\appdata\local\Macromedia 2012-10-05 23:29:35 -------- d-----w- c:\program files\CCleaner 2012-10-05 22:43:23 98816 ----a-w- c:\windows\sed.exe 2012-10-05 22:43:23 256000 ----a-w- c:\windows\PEV.exe 2012-10-05 22:43:23 208896 ----a-w- c:\windows\MBR.exe 2012-10-05 22:38:35 -------- d-----w- c:\users\jovy\appdata\local\VirtualStore 2012-10-05 22:34:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-05 22:03:34 388096 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2012-10-05 22:03:34 -------- d-----w- c:\program files\Trend Micro 2012-10-05 22:03:06 -------- d-----w- c:\program files\VS Revo Group 2012-10-02 01:27:06 -------- d-----w- c:\users\jovy\appdata\local\webkit 2012-09-27 04:13:37 -------- d-----w- c:\programdata\RegRun 2012-09-27 04:13:24 2 --shatr- c:\windows\winstart.bat 2012-09-17 23:04:15 -------- d-----w- c:\programdata\Sophos 2012-09-17 23:02:49 73728 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-09-17 23:02:49 73728 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-09-17 23:02:45 73728 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe 2012-09-17 23:02:29 -------- d-----w- c:\program files\Sophos 2012-09-17 23:00:47 -------- d-----w- c:\users\jovy\appdata\roaming\SUPERAntiSpyware.com 2012-09-17 23:00:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-09-17 23:00:15 -------- d-----w- c:\program files\SUPERAntiSpyware . ==================== Find3M ==================== . 2012-10-15 23:54:22 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-15 23:54:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-05 22:34:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-05 22:34:37 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 17:21:01.15 =============== . ******** UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-14.05) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 2/10/2012 2:35:59 AM System Uptime: 10/16/2012 3:22:28 PM (2 hours ago) . Motherboard: Dell Inc. | | 0WY040 Processor: Intel® Core2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1601/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 26 GiB total, 5.651 GiB free. D: is FIXED (NTFS) - 48 GiB total, 10.012 GiB free. E: is CDROM () I: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Base System Device Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02281028&REV_12\4&39A5768A&0&0BF0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02281028&REV_12\4&39A5768A&0&0BF0 Service: . Class GUID: Description: Base System Device Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02281028&REV_12\4&39A5768A&0&0AF0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02281028&REV_12\4&39A5768A&0&0AF0 Service: . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Dell Wireless 1490 Dual Band WLAN Mini-Card Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&4A128E6&0&00E1 Manufacturer: Broadcom Name: Dell Wireless 1490 Dual Band WLAN Mini-Card PNP Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&4A128E6&0&00E1 Service: BCM43XX . ==== System Restore Points =================== . RP192: 10/16/2012 3:14:13 PM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 7-Zip 9.20 Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI BaiduPlayer1.12.0.11 Canon MF Toolbox 4.9.1.1.mf12 Canon MF4320-4350 CCleaner Daum PotPlayer 1.5.31934 Dell Touchpad foobar2000 v1.1.11 GIMP 2.8.0 Google Chrome Google Update Helper HiJackThis Java 7 Update 7 Java Auto Updater JDownloader 0.9 Malwarebytes Anti-Malware version 1.65.0.1400 Microsoft Antimalware Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Firefox 16.0.1 (x86 en-US) Mozilla Maintenance Service Revo Uninstaller 1.94 Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Sophos Virus Removal Tool Spotify SUPERAntiSpyware Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VirtualCloneDrive XnView 1.98.8 . ==== Event Viewer Messages From Past Week ======== . 10/16/2012 3:18:54 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 10/16/2012 3:00:24 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 10/15/2012 4:58:28 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 10/15/2012 4:58:28 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure. 10/15/2012 4:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} 10/12/2012 12:35:17 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 10/10/2012 9:06:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. . ==== End Of File ===========================
  13. Hi, I'm not a computer moron, but i have had no real luck removing the virus on this computer, and am begging for some assistance. This is my girlfriends laptop, so I have no real idea of how she got the virus, but it has been redirecting and on occasion causing pop-ups. I haven't run anything crazy like combofix, but have been using malwarebytes, the full version. I have read some of the other threads on the topic and have a basic idea of how the process works, but I have never actually posted on the forum. Any help would be greatly appreciated.
  14. When starting up my Acer Notebook, Firefox automatically loads and is redirected to http://sftwred.info/redirect.cgi. changed default homepage to google and closed browser. firefox again defaulted to http://sftwred.info/redirect.cgi. Same redirect occurs in IE. I started jumping around to a few other programs recommended on various sites and here's what they found: ran rkill.exe. * C:\Windows\PLFSetI.exe (PID: 2084) [WD-HEUR] 1 proccess terminated! see attached log. spybot search and destroy found coolwwwsearch and mysoft hijackers. hijackthis tries to start then shuts down. changed execute file name and ran hijackthis. see attached log spy emergency found trojan.win32.malware (c:\windows\syswow64\mshtover.dll) and cool web search (C:\windows\image.dll). removed both and rebooted. same problems persist. Initially MWB wouldn't run. Changed the name of the execute file and ran MWB and nothing found. ran again in safe mode and again nothing. I've been using MWB for a couple of years and this is the first time the problem wasn't solved. microsoft security essentials wouldn't update. downloaded and manually installed latest definitions (02 Oct). ran scan. windows update cannot currently check for updates because the service is not running. you may need to restart your computer. Ran microsoft fixit and update function restored. MSE scan found nothing. As you can see, I've been all over the place trying to find a solution. I uninstalled firefox (without deleting customization) and no change. One item I found a bit strange was the listing of D: drive as a cdrom drive. I don't have an internal CD/DVD drive, but use an external USB drive. When I check D: under device manager-hardware, it shows the same as the C: drive (Hitachi hts545032b9a300 hard drive). I thought D: was my recovery/restore partitioned from C: drive. I'm stuck and not sure what to do next. Your help would be most appreciated. Thanks Ed Attach.txt DDS.txt freefixer-log.txt hijackthis.log Rkill.txt
  15. Hey guys, I have tried everything possible to get rid of a redirect and error 105 problem which I believe is being caused by SearchNu and Partner37 malware. I had used malwarebytes, ESET online scanner, Spybot-Search and Destroy and they had all found something and removed it, but the error 105 and redirect still happens. After rescanning even on safe mode none of the scanners show signs of any malware, however the error 105 still appears with searchnu in the URL address bar. Also, the really odd thing is, the internet on my other machines have also been going slow, is it possible this virus or malware could have infected my wifi router? Not sure if this is relevant but the other devices on the same network are a macbook, iphone, ipad and samsung galaxy. I'm fairly new at this so any help in removing this would be highly appreciated!! Thanks so much! Attach.txt DDS.txt
  16. I have a virus where anytime I click a link from a Google search, I'm redirected to a spam website. I had this issue this past weekend, but Maniac helped me get rid of it (see: http://forums.malwarebytes.org/index.php?showtopic=116257). Unfortunately, the issue came back - I don't know how this happened. Can someone please help me permaneately remove this annoying, invasive virus? I've included the Malwarebytes Antivirus log, DDS.txt, and Attach.txt below. Thank you for your help and support! Malwarebytes Antivirus Log: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.26.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Bobby :: BOBBY-THINK [administrator] 9/26/2012 2:55:37 PM mbam-log-2012-09-26 (14-55-37).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 200092 Time elapsed: 2 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Bobby\AppData\Local\Temp\0.48053279246894465 (Trojan.Happili) -> Quarantined and deleted successfully. (end) DDS.txt: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2 Run by Bobby at 20:34:17 on 2012-09-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3690.1624 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe C:\Windows\system32\CxAudMsg64.exe C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe C:\Windows\SysWOW64\NLSSRV32.EXE C:\Windows\SysWOW64\SAsrv.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Program Files (x86)\BlueStacks\HD-Service.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\BlueStacks\HD-Network.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe C:\Program Files\CONEXANT\ForteConfig\fmapp.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\StikyNot.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files (x86)\BlueStacks\HD-Agent.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Lenovo\System Update\SUService.exe C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Bobby\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [Google Update] "C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe uRun: [Absolute_Software] rundll32.exe "C:\Users\Bobby\AppData\Local\Apple\Absolute_Software\fqnqx.dll",DllRegisterServerW mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe StartupFolder: C:\Users\Bobby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{30942EEA-CE1B-4449-8002-F3980D50D482} : DhcpNameServer = 0.0.0.0 TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\25564625F6675627 : DhcpNameServer = 132.236.56.250 128.253.180.2 192.35.82.50 TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\3603F6B4963302D603E653473327 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO-X64: IEPlugin - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun-x64: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun-x64: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\phgeso05.default-1348354658048\ FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Bobby\AppData\Local\Citrix\Plugins\60\npappdetector.dll FF - plugin: C:\Users\Bobby\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?] R0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys --> C:\Windows\system32\DRIVERS\avgloga.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?] R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-9-18 71032] R3 5U877;5U877;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?] R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\system32\DRIVERS\RtsP2Stor.sys --> C:\Windows\system32\DRIVERS\RtsP2Stor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys --> C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [?] R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?] R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\system32\DRIVERS\tvtvcamd.sys --> C:\Windows\system32\DRIVERS\tvtvcamd.sys [?] S3 Fastboot;Fastboot;C:\Windows\system32\DRIVERS\Fastboot.sys --> C:\Windows\system32\DRIVERS\Fastboot.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] . =============== Created Last 30 ================ . 2012-09-25 01:31:11 -------- d-----w- C:\Program Files (x86)\Citrix 2012-09-25 01:30:50 -------- d-----w- C:\Users\Bobby\AppData\Local\Citrix 2012-09-24 19:55:01 -------- d-----w- C:\ProgramData\BlueStacksSetup 2012-09-24 19:54:45 -------- d-----w- C:\ProgramData\BlueStacks 2012-09-24 19:54:45 -------- d-----w- C:\Program Files (x86)\BlueStacks 2012-09-24 18:57:24 -------- d-----w- C:\Users\Bobby\.android 2012-09-24 18:56:23 -------- d-----w- C:\Program Files (x86)\Android 2012-09-22 20:41:32 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Malwarebytes 2012-09-22 20:41:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-22 20:41:22 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-22 20:41:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-22 15:01:08 -------- d-----w- C:\Users\Bobby\AppData\Local\Diagnostics 2012-09-22 06:00:26 388096 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-09-22 06:00:26 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-09-22 05:09:39 -------- d-----w- C:\Users\Bobby\AppData\Roaming\AVG2013 2012-09-22 05:08:43 -------- d-----w- C:\Users\Bobby\AppData\Roaming\TuneUp Software 2012-09-22 05:08:10 -------- d--h--w- C:\$AVG 2012-09-22 05:08:10 -------- d-----w- C:\ProgramData\AVG2013 2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\MFAData 2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\Avg2013 2012-09-17 22:58:54 56672 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2012-09-14 09:34:34 105312 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-09-12 15:47:20 199520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2012-09-12 15:47:02 175968 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2012-09-09 17:28:52 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-09-03 02:06:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\offreg.dll 2012-08-31 12:37:27 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\mpengine.dll 2012-08-30 01:05:54 -------- d-----w- C:\Users\Bobby\AppData\Roaming\texstudio 2012-08-30 01:04:45 -------- d-----w- C:\Users\Bobby\AppData\Roaming\MiKTeX 2012-08-30 01:04:16 -------- d-----w- C:\Users\Bobby\AppData\Local\MiKTeX 2012-08-30 00:48:48 -------- d-----w- C:\ProgramData\MiKTeX 2012-08-30 00:46:21 -------- d-----w- C:\Program Files\MiKTeX 2.9 2012-08-30 00:44:23 -------- d-----w- C:\Program Files (x86)\TeXstudio 2012-08-30 00:29:11 2188288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w64.exe 2012-08-30 00:29:11 1502208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv49w32.exe 2012-08-30 00:29:10 2042368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w32.exe 2012-08-30 00:29:08 12592939 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w64.exe 2012-08-30 00:29:00 12317403 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w32.exe 2012-08-30 00:25:06 7360000 ------w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503.exe 2012-08-30 00:25:05 9728000 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503-x64.exe 2012-08-30 00:25:04 16457073 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\TeXstudio\texstudio23_win32.exe 2012-08-30 00:25:03 655872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcr90.dll 2012-08-30 00:25:03 568832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcp90.dll 2012-08-30 00:25:03 224768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcm90.dll 2012-08-30 00:24:58 2303488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\python27.dll 2012-08-30 00:24:57 133120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Setup.exe 2012-08-29 14:28:59 92672 ----a-w- C:\Windows\System32\redmonnt.dll 2012-08-29 14:28:59 49664 ----a-w- C:\Windows\System32\unredmon.exe 2012-08-29 14:28:58 -------- d-----w- C:\Program Files\Cornell University 2012-08-29 14:28:37 40960 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{5A6403D3-E177-42FD-AA16-2FBD441EA26E}\KerberosViewer.exe_2AF0AD33EBDF4A58B3D9A41DD1C1011D.exe 2012-08-28 14:47:50 -------- d-----w- C:\Users\Bobby\AppData\Local\Western Digital . ==================== Find3M ==================== . 2012-08-22 02:31:38 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-08-22 02:31:38 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-08-22 02:31:38 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-17 04:41:48 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys 2012-08-16 02:23:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-16 02:23:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-13 20:40:52 150880 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2012-08-10 08:52:16 40288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys 2012-08-09 17:56:42 230240 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2012-07-19 22:25:28 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-07-19 22:25:22 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-07-19 22:23:42 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-07-19 22:23:42 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll 2012-07-19 22:23:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-07-19 22:23:26 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-07-19 22:23:12 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-07-19 22:23:12 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-07-19 22:23:12 1572864 ----a-w- C:\Windows\System32\quartz.dll 2012-07-19 22:23:12 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-07-19 22:23:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-07-19 22:23:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-07-19 22:23:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb . ============= FINISH: 20:35:30.52 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 8/15/2012 9:14:14 AM System Uptime: 9/26/2012 5:49:21 PM (3 hours ago) . Motherboard: LENOVO | | 3254CTO Processor: Intel® Core i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 2501/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 279 GiB total, 188.679 GiB free. D: is CDROM () Q: is FIXED (NTFS) - 18 GiB total, 6.576 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP41: 9/22/2012 12:54:08 AM - Removed AVG 2012 RP42: 9/22/2012 12:55:12 AM - Removed AVG 2012 RP43: 9/22/2012 1:07:28 AM - Installed AVG 2013 RP44: 9/22/2012 1:07:48 AM - Installed AVG 2013 RP45: 9/22/2012 2:00:13 AM - Installed HiJackThis RP46: 9/24/2012 3:54:08 PM - Installed BlueStacks . ==== Installed Programs ====================== . Absolute Reminder Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) MUI Android SDK Tools Apple Application Support Apple Software Update BlueStacks Burn.Now 4.5 Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Corel Burn.Now Lenovo Edition Corel WinDVD Create Recovery Media D3DX10 Dropbox Evernote v. 4.5.8 Google Chrome Google Talk Plugin Google Update Helper GoToMeeting 5.3.0.1010 HiJackThis Integrated Camera Driver Installer Package Ver.1.2.1.18 Intel® Control Center Intel® Manageability Engine Firmware Recovery Agent Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® USB 3.0 eXtensible Host Controller Driver Java 7 Update 6 Java Auto Updater Java SE Development Kit 7 Update 6 Junk Mail filter update Kerberos Ticket Viewer Lenovo Patch Utility Lenovo Registration Lenovo User Guide Lenovo Warranty Information Malwarebytes Anti-Malware version 1.65.0.1400 Mesh Runtime Microsoft Office Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NetBeans IDE 7.2 Notepad++ Power Manager PowerISO QuickTime RapidBoot HDD Accelerator Realtek Ethernet Controller Driver Realtek PCIE Card Reader Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype™ 5.10 Spotify SugarSync Manager System Update TeXstudio 2.3 ThinkPad Wireless LAN Adapter Software Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VIP Access Visual Studio 2008 x64 Redistributables VLC media player 2.0.3 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 9/26/2012 8:34:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVGIDSAgent service. 9/26/2012 3:03:07 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 9/26/2012 3:02:55 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126 9/24/2012 12:23:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service. 9/24/2012 12:23:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service. 9/24/2012 12:22:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. 9/22/2012 4:51:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. . ==== End Of File ===========================
  17. I believe my PC was infected with some type of malware. Whenever I use google on Firefox and I click on one of the search results, it redirects me to www.gethotresults.com. This usually happens 1/3 to 1/5 of the time. Now, this does not happen on any other browsers I have installed. I heard this malware goes by the name "random". I havn't seen this name anywhere though. Not in the registry, not in the appdata, not in any firefox/mozilla folders (I thought it would be in there as thats what brower its affecting), I even checked most of the C-Drive. Please tell me it simply just needs me to reset firefox. Any help will be appreciated, Thanks. During Obtaining the log, I was in safe mode and I had Mcafee running. I don't know if that would cause any problems. Also, I'm sorry about attaching the 2 files last time. . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by kimw606 at 22:25:47 on 2012-09-15 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.2433 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\mfevtps.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\kimw606\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kimw606\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kimw606\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kimw606\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kimw606\AppData\Local\Google\Chrome\Application\chrome.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\McAfee\MAT\McPvTray.exe C:\Users\kimw606\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kimw606\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kimw606\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kimw606\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?AF=109934&babsrc=HP_ss&mntrId=884b22e3000000000000001cdf1cfd18 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop uURLSearchHooks: H - No File uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [Google Update] "c:\users\kimw606\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe" mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [Abyssus] c:\program files\razer\abyssus\razerhid.exe mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\conten~1.lnk - c:\program files\sony\content manager assistant\CMA.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Free YouTube to iPod Converter - c:\users\kimw606\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{3707E9C6-E5C7-4F0A-9CCA-0970AFD9AA6C} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{912F88CA-3ADD-416A-8AE0-11CFA0467DAC} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{C94253D1-F200-4EA4-969E-58AADE33674D} : DhcpNameServer = 192.168.2.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\kimw606\appdata\roaming\mozilla\firefox\profiles\ksljxatj.default\ FF - prefs.js: browser.search.selectedEngine - Safe Search FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll FF - plugin: c:\users\kimw606\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\users\kimw606\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-9-12 64832] R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-2-22 554048] R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-8-23 206784] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-23 168280] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-8-23 168368] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-8-23 166320] R3 Abyssus03;Razer Abyssus USB Filter Driver;c:\windows\system32\drivers\Abyssus.sys [2012-7-29 9216] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-8-23 60480] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-8-23 360792] S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2012-8-23 54776] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-24 21504] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-23 168280] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-23 168280] S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-23 168280] S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-8-23 200816] S2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688] S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [2012-7-29 6656] S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-9-12 146872] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-8-23 230224] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-8-23 61912] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-8-23 92192] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2011-3-16 34376] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-1 114144] S3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [2012-7-29 10240] S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-24 987648] S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-24 251904] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-09-15 22:57:23 -------- d-----w- c:\program files\PC Tools 2012-09-15 22:44:53 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2012-09-15 22:44:53 -------- d-----w- c:\program files\common files\PC Tools 2012-09-15 22:43:42 -------- d-----w- c:\programdata\PC Tools 2012-09-15 22:43:41 -------- d-----w- c:\users\kimw606\appdata\roaming\TestApp 2012-09-13 03:04:53 64832 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2012-09-13 03:04:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2012-09-12 22:00:10 -------- d-----w- c:\users\kimw606\appdata\roaming\.minecraft 2012-09-09 14:19:21 -------- d-----w- c:\program files\CONEXANT 2012-09-07 02:28:26 -------- d-----w- c:\program files\RelevantKnowledge 2012-09-07 02:28:22 -------- d-----w- c:\users\kimw606\appdata\roaming\Sonarca Sound Recorder Free 2012-09-07 02:07:56 344064 ----a-w- c:\windows\system32\msvcr70.dll 2012-09-07 02:07:49 -------- d-----w- c:\users\kimw606\appdata\local\EZSoftMagic 2012-09-07 01:32:11 -------- d-----w- c:\programdata\FileLab 2012-09-07 01:19:08 -------- d-----w- c:\users\kimw606\appdata\local\IsolatedStorage 2012-09-06 20:05:54 -------- d-----w- c:\program files\FixCleaner 2012-09-02 01:08:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-08-28 23:06:33 -------- d-----w- c:\users\kimw606\appdata\local\{FFDAC1F1-F164-11E1-8270-B8AC6F996F26} 2012-08-24 01:33:16 -------- d-----w- c:\program files\McAfeeMOBK 2012-08-24 01:33:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys 2012-08-24 01:33:03 -------- d-----w- c:\program files\McAfee Online Backup 2012-08-24 01:30:42 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-08-24 01:30:37 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-08-24 01:30:37 61912 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-08-24 01:30:37 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-08-24 01:30:37 360792 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-08-24 01:30:37 230224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-08-24 01:30:37 206784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-08-24 01:30:32 -------- d-----w- c:\program files\McAfee.com 2012-08-24 00:19:23 166320 ----a-w- c:\windows\system32\mfevtps.exe 2012-08-23 19:59:46 7023536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a2c93001-e640-4ff1-a5a7-8d48490d7bed}\mpengine.dll . ==================== Find3M ==================== . 2012-09-02 01:25:23 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-02 01:25:22 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-02 01:08:07 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-02 01:08:07 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-22 11:52:38 554048 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-06-22 11:50:24 127992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys . ============= FINISH: 22:26:59.74 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/5/2007 4:58:08 AM System Uptime: 9/15/2012 7:48:08 PM (3 hours ago) . Motherboard: ASUSTek Computer INC. | | Acacia Processor: AMD Athlon 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2300/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 289 GiB total, 254.827 GiB free. D: is FIXED (NTFS) - 9 GiB total, 1.648 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer ActiveCheck component for HP Active Support Library Adobe Flash Player 11 Plugin Adobe Flash Player ActiveX Adobe Reader X (10.1.4) Adobe Shockwave Player 11.6 AviSynth 2.5 Belkin 54g USB Network Adapter Belkin Wireless USB Utility BufferChm Carbonite Online Backup Setup Content Manager Assistant for PlayStation® Copy Destination Component DeviceDiscovery DJ_AIO_05_F4400_Software_Min Enhanced Multimedia Keyboard Solution F4400 Free Download Manager Free YouTube to iPod Converter version 3.10.7.804 GearDrvs Google Chrome GPBaseService2 Hardware Diagnostic Tools Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Active Support Library 32 bit components HP Customer Experience Enhancements HP Customer Feedback HP Customer Participation Program 12.0 HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 HP Easy Setup - Frontend HP Imaging Device Functions 12.0 HP On-Screen Cap/Num/Scroll Lock Indicator HP Photosmart Essential 2.01 HP Photosmart Essential2.01 HP Picasso Media Center Add-In HP Smart Web Printing 4.60 HP Solution Center 12.0 HP Update HPAsset component for HP Active Support Library HPPhotoGadget HPProductAssistant Java 7 Update 7 Java Auto Updater Java 6 Update 30 Java SE Runtime Environment 6 Update 1 JavaFX 2.1.1 LightScribe 1.6.45.1 Malwarebytes' Anti-Malware MarketResearch McAfee All Access – Total Protection McAfee Online Backup Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Visual C++ Run Time Lib Setup Microsoft Works Mozilla Firefox 15.0 (x86 en-US) Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee autoProducer 6.0 NVIDIA Drivers Paint.NET v3.5.10 PSSWCORE Python 2.5 Razer Abyssus Realtek High Definition Audio Driver Rhapsody Player Engine Roxio Activation Module Scan Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (KB974234) Shared C Run-time for x86 SmartWebPrinting Soft Data Fax Modem with SmartCP SolutionCenter Spelling Dictionaries Support For Adobe Reader 8 Status swMSM Toolbox TrayApp UltimateBuddy Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VideoToolkit01 WeatherBug Gadget WebReg WinRAR archiver XnView 1.97.8 Yahoo! Detect Yontoo 1.10.02 . ==== Event Viewer Messages From Past Week ======== . 9/9/2012 12:23:03 AM, Error: EventLog [6008] - The previous system shutdown at 12:20:50 AM on 9/9/2012 was unexpected. 9/15/2012 7:52:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 9/15/2012 7:49:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} 9/15/2012 7:49:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 9/15/2012 7:49:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 9/15/2012 7:49:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 9/15/2012 7:49:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 9/15/2012 7:48:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 9/15/2012 6:59:10 PM, Error: PCTCore [280] - 9/15/2012 5:46:40 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:. 9/15/2012 12:58:01 PM, Error: EventLog [6008] - The previous system shutdown at 11:13:59 PM on 9/14/2012 was unexpected. . ==== End Of File ===========================
  18. I believe my PC was infected with some type of malware. Whenever I use google on Firefox and I click on one of the search results, it redirects me to www.gethotresults.com. This usually happens 1/3 to 1/5 of the time. Now, this does not happen on any other browsers I have installed. I heard this malware goes by the name "random". I havn't seen this name anywhere though. Not in the registry, not in the appdata, not in any firefox/mozilla folders (I thought it would be in there as thats what brower its affecting), I even checked most of the C-Drive. Please tell me it simply just needs me to reset firefox. Any help will be appreciated, Thanks.
  19. Hello, Everytime I search something from home search screen I get redirected to some Blekko ssearch site. I do not find any toolbar installled in any of the browsers, neither I find any Blekko toolbar looking into Control Panel --> Programs and Feautures. I can't either find any solution changing browser settings. All my three browsers (Chrome, IE9 and Firefox) present the same problem. Thanks for your help! DDS.txt Attach.txt
  20. Hello! Just going to leave a little disclaimer here: I'm a bit of a techno noob, so I'm sorry if that's frustrating. Basically, very annoyed, 10 day old laptop keeps redirecting from google searches (not all the time, though). Malwarebytes keeps blocking outbound IP 91.218.121.57. Reading up on it has me concluding it's a redirect virus thing. Hoping you can help stop this? DDS log: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Emma at 14:30:08 on 2012-08-22 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6034.4632 [GMT 1:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Windows\System32\GFNEXSrv.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\TECO\Teco.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\rundll32.exe C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe C:\windows\SysWOW64\rundll32.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\mcafee.com\agent\mcagent.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\DllHost.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://hotmail.com/ uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120815112300.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent uRun: [ascap] "C:\Windows\System32\rundll32.exe" "C:\Users\Emma\AppData\Roaming\ascap.dll",_Readline mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP StartupFolder: C:\Users\Emma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{97E5D772-D53E-447B-8398-1F935024C5DA} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{CA0808AA-0C75-4C0A-ABE2-50A52B71567B} : DhcpNameServer = 192.168.42.129 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120815112300.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\system32\DRIVERS\iusb3hcs.sys --> C:\windows\system32\DRIVERS\iusb3hcs.sys [?] R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?] R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?] R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\system32\DRIVERS\NBVol.sys --> C:\windows\system32\DRIVERS\NBVol.sys [?] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\system32\DRIVERS\NBVolUp.sys --> C:\windows\system32\DRIVERS\NBVolUp.sys [?] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-7-12 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-12 161560] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-13 655944] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-5-11 199304] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-5-11 210616] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-12 363800] R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\iusb3hub.sys --> C:\windows\system32\DRIVERS\iusb3hub.sys [?] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\system32\DRIVERS\iusb3xhc.sys --> C:\windows\system32\DRIVERS\iusb3xhc.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?] R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtwlane.sys --> C:\windows\system32\DRIVERS\rtwlane.sys [?] R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-11 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-11 250568] S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-4-2 276248] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-11 136176] S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?] S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\system32\DRIVERS\htcnprot.sys --> C:\windows\system32\DRIVERS\htcnprot.sys [?] S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-5-11 225216] S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\system32\DRIVERS\RtkBtfilter.sys --> C:\windows\system32\DRIVERS\RtkBtfilter.sys [?] S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-7-12 57216] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2012-08-21 09:08:22 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C46FBFA4-93FE-46FA-9BF7-978E93246742}\mpengine.dll 2012-08-19 18:32:11 -------- d-----w- C:\ProgramData\VirtualizedApplications 2012-08-19 16:33:12 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-08-17 20:59:08 -------- d-----w- C:\windows\SysWow64\Wat 2012-08-17 20:59:08 -------- d-----w- C:\windows\System32\Wat 2012-08-17 19:46:42 -------- d-----w- C:\Users\Emma\AppData\Roaming\Origin 2012-08-17 19:46:01 -------- d-----w- C:\ProgramData\Origin 2012-08-17 19:45:30 -------- d-----w- C:\Program Files (x86)\Origin 2012-08-17 19:36:29 485376 ----a-w- C:\Users\Emma\AppData\Roaming\ascap.dll 2012-08-15 21:07:03 -------- d-----w- C:\ProgramData\Electronic Arts 2012-08-15 21:05:02 -------- d-----w- C:\Program Files (x86)\Microsoft WSE 2012-08-15 21:04:28 3977496 ----a-w- C:\windows\System32\d3dx9_31.dll 2012-08-15 21:04:28 2414360 ----a-w- C:\windows\SysWow64\d3dx9_31.dll 2012-08-15 15:56:23 -------- d-----w- C:\Users\Emma\AppData\Local\SoftGrid Client 2012-08-15 15:56:20 -------- d-----w- C:\Users\Emma\AppData\Roaming\SoftGrid Client 2012-08-15 15:55:00 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client 2012-08-15 15:54:41 -------- d-----w- C:\Users\Emma\AppData\Roaming\TP 2012-08-15 08:48:05 -------- d-----w- C:\Users\Emma\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 2012-08-15 08:34:59 -------- d-----w- C:\Users\Emma\AppData\Local\Htc 2012-08-15 08:34:30 -------- d-----w- C:\Users\Emma\AppData\Roaming\HTC 2012-08-15 08:33:28 -------- d-----w- C:\Users\Emma\AppData\Local\Downloaded Installations 2012-08-15 08:33:05 -------- d-----w- C:\Program Files (x86)\Spirent Communications 2012-08-15 08:32:45 -------- d-----w- C:\Program Files (x86)\HTC 2012-08-15 08:31:57 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2012-08-15 07:41:05 552960 ----a-w- C:\windows\System32\drivers\bthport.sys 2012-08-15 07:29:24 294912 ----a-w- C:\windows\System32\browserchoice.exe 2012-08-15 07:14:17 81408 ----a-w- C:\windows\System32\imagehlp.dll 2012-08-15 07:14:17 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys 2012-08-15 07:14:17 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll 2012-08-15 07:14:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll 2012-08-15 07:14:16 5120 ----a-w- C:\windows\System32\wmi.dll 2012-08-15 07:14:16 220672 ----a-w- C:\windows\System32\wintrust.dll 2012-08-15 07:14:16 172544 ----a-w- C:\windows\SysWow64\wintrust.dll 2012-08-15 07:04:48 751104 ----a-w- C:\windows\System32\win32spl.dll 2012-08-15 07:00:03 956928 ----a-w- C:\windows\System32\localspl.dll 2012-08-13 20:31:55 -------- d-----w- C:\Users\Emma\AppData\Roaming\Malwarebytes 2012-08-13 20:31:31 -------- d-----w- C:\ProgramData\Malwarebytes 2012-08-13 20:31:29 24904 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-08-13 20:31:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-13 19:54:38 -------- d-----w- C:\Users\Emma\AppData\Local\Diagnostics 2012-08-13 19:50:36 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26C63FE6-793B-49B9-856B-947705130033}\gapaengine.dll 2012-08-13 19:48:55 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-08-13 19:48:52 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-08-13 19:42:37 2622464 ----a-w- C:\windows\System32\wucltux.dll 2012-08-13 19:42:26 99840 ----a-w- C:\windows\System32\wudriver.dll 2012-08-13 19:42:18 36864 ----a-w- C:\windows\System32\wuapp.exe 2012-08-13 19:42:18 186752 ----a-w- C:\windows\System32\wuwebv.dll 2012-08-13 18:59:20 -------- dc----w- C:\Users\Emma\AppData\Local\MigWiz 2012-08-13 18:56:38 -------- d-----w- C:\Users\Emma\AppData\Local\Google 2012-08-13 18:52:51 -------- d-----w- C:\Users\Emma\AppData\Local\SRS Labs 2012-08-13 18:52:30 -------- d-----w- C:\Users\Emma\AppData\Local\TOSHIBA 2012-08-13 18:51:52 -------- d-----w- C:\Users\Emma\AppData\Local\VirtualStore 2012-08-13 18:51:01 -------- d-----w- C:\Users\Emma\AppData\Roaming\WinBatch 2012-08-13 18:50:59 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop 2012-08-13 18:50:52 -------- d-----w- C:\Users\Emma\AppData\Local\Adobe . ==================== Find3M ==================== . 2012-08-21 15:12:48 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-21 15:12:48 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys 2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll 2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-06-25 15:04:24 1394248 ----a-w- C:\windows\SysWow64\msxml4.dll 2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll 2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll 2012-05-25 16:13:54 162224 ----a-w- C:\windows\System32\mfevtps.exe . ============= FINISH: 14:31:15.26 =============== Thanks in advanced! Attach log.txt
  21. Hello anyone who is willing to help, I have attached my DDS log. I have run combofix, malwarebytes and then both of those again and still getting redirected after typing a search in google and clicking on results. Please let me know if you see anything in the log that is suspicious and if you have any ideas on removal. DDS did not return the attach.txt file Thanks for your time DDS.txt
  22. Hi, I've tried malwarebytes anti malware and it didn't find anything. I really could use some help. I get redirected everytime I try to search from Google. Here are the 2 files from dds.com. Thanks for any help you can give me . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Val at 21:52:25 on 2012-08-16 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.4052 [GMT -4:00] . AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\AGI\core\3.1\AGCoreService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\DRIVERS\xaudio64.exe C:\Windows\System32\mobsync.exe C:\Program Files (x86)\Digital Line Detect\DLG.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Webshots\3.1.5.7613\webshots.scr C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://my.yahoo.com/?fr=yfp-t-403 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO: agcore.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {38542454-DFB6-44F5-B052-D4E071A3D073} - No File uRun: [Facebook Update] "C:\Users\Val\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe uRun: [Apple Computer] rundll32.exe "C:\Users\Val\AppData\Local\Downloaded Installations\Apple Computer\curobkdlz.dll",CreateInstance mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [bar] C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTK0Z5AI\access[1].exe mRun: [WildTangent CDA] RUNDLL32.exe "C:\Program Files (x86)\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\Val\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\Val\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\Val\AppData\Local\Temp\{AEAC8A68-0596-4313-9809-20252879AA63}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe StartupFolder: C:\Users\Val\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7613\Launcher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v49/familyfeud/familyfeud.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{F06DF99F-D510-4855-96AE-5E9E6A9B8DFE} : DhcpNameServer = 209.18.47.61 209.18.47.62 BHO-X64: agcore.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll BHO-X64: Skype add-on (mastermind) - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll BHO-X64: Norton Identity Protection - No File BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL BHO-X64: Norton Vulnerability Protection - No File C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO-X64: RoboForm - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO-X64: AIM Toolbar Loader - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB-X64: {38542454-DFB6-44F5-B052-D4E071A3D073} - No File mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [bar] C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTK0Z5AI\access[1].exe mRun-x64: [WildTangent CDA] RUNDLL32.exe "C:\Program Files (x86)\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?] R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-8-16 23208] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-8-10 1385120] R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120815.002\IDSviA64.sys [2012-8-15 509088] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMTDIV.SYS [?] R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-8-16 3075920] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-6-2 88576] R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\3.1\AGCoreService.exe [2009-7-7 20480] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe [2012-8-14 138272] R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-3-25 206064] R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-8 133104] S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-8-16 66320] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-6 250056] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-8 133104] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920] . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-08-17 00:56:20 -------- d-----w- C:\ProgramData\SecTaskMan 2012-08-17 00:55:39 -------- d-----w- C:\Program Files (x86)\Security Task Manager 2012-08-16 23:23:23 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware 2012-08-16 23:14:39 16200 ----a-w- C:\Windows\stinger.sys 2012-08-16 23:14:29 -------- d-----w- C:\Program Files (x86)\stinger 2012-08-15 23:41:59 2769408 ----a-w- C:\Windows\System32\win32k.sys 2012-08-15 22:20:04 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C22E5B6-865B-4A96-A2D8-CFACB0CEB406}\mpengine.dll 2012-08-15 13:01:41 788480 ----a-w- C:\Windows\System32\localspl.dll 2012-08-15 13:01:40 623616 ----a-w- C:\Windows\SysWow64\localspl.dll 2012-08-15 01:04:37 737952 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys 2012-08-15 01:04:37 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symds64.sys 2012-08-15 01:04:37 445560 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symtdiv.sys 2012-08-15 01:04:37 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symnets.sys 2012-08-15 01:04:37 37536 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys 2012-08-15 01:04:37 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\ironx64.sys 2012-08-15 01:04:37 167072 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys 2012-08-15 01:04:37 1129120 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\symefa64.sys 2012-08-15 01:04:17 -------- d-----w- C:\Windows\System32\drivers\N360x64\0603000.00E 2012-08-10 04:07:08 -------- d-----w- C:\N360_BACKUP 2012-08-08 20:20:49 -------- d-----w- C:\Users\Val\AppData\Local\CrashDumps . ==================== Find3M ==================== . 2012-08-14 17:49:39 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-14 17:49:39 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-03 20:20:28 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe 2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe . ============= FINISH: 21:52:45.46 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume3 Install Date: 6/1/2009 7:40:11 PM System Uptime: 8/16/2012 9:28:04 PM (0 hours ago) . Motherboard: Dell Inc. | | 0T287N Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHz | Socket 775 | 2800/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 684 GiB total, 475.946 GiB free. D: is FIXED (NTFS) - 15 GiB total, 8.448 GiB free. E: is CDROM () F: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0008 Manufacturer: Microsoft Name: Microsoft 6to4 Adapter PNP Device ID: ROOT\*6TO4MP\0008 Service: tunnel . ==== System Restore Points =================== . RP1194: 7/10/2012 9:46:15 AM - Scheduled Checkpoint RP1195: 7/11/2012 12:00:02 AM - Scheduled Checkpoint RP1196: 7/12/2012 10:14:07 AM - Windows Update RP1197: 7/13/2012 12:00:05 AM - Scheduled Checkpoint RP1198: 7/14/2012 12:51:25 AM - Scheduled Checkpoint RP1199: 7/15/2012 12:00:05 AM - Scheduled Checkpoint RP1200: 7/16/2012 9:48:38 AM - Scheduled Checkpoint RP1202: 7/17/2012 3:31:46 PM - Scheduled Checkpoint RP1203: 7/19/2012 12:00:04 AM - Scheduled Checkpoint RP1204: 7/20/2012 7:51:50 AM - Scheduled Checkpoint RP1205: 7/21/2012 12:00:06 AM - Scheduled Checkpoint RP1206: 7/22/2012 5:28:51 PM - Scheduled Checkpoint RP1207: 7/23/2012 7:57:55 AM - Scheduled Checkpoint RP1208: 7/24/2012 10:07:34 AM - Scheduled Checkpoint RP1209: 7/25/2012 12:00:40 AM - Scheduled Checkpoint RP1211: 7/27/2012 12:18:17 AM - Scheduled Checkpoint RP1212: 7/28/2012 12:00:09 AM - Scheduled Checkpoint RP1213: 7/29/2012 1:40:56 AM - Scheduled Checkpoint RP1214: 7/31/2012 10:20:25 PM - Scheduled Checkpoint RP1215: 8/2/2012 3:34:11 PM - Scheduled Checkpoint RP1216: 8/3/2012 7:40:13 AM - Scheduled Checkpoint RP1217: 8/4/2012 - Scheduled Checkpoint RP1218: 8/5/2012 10:04:54 AM - Scheduled Checkpoint RP1219: 8/9/2012 11:15:40 PM - Scheduled Checkpoint RP1220: 8/10/2012 1:07:42 PM - Scheduled Checkpoint RP1221: 8/12/2012 4:18:58 AM - Scheduled Checkpoint RP1222: 8/13/2012 3:27:06 PM - Scheduled Checkpoint RP1223: 8/15/2012 1:49:33 PM - Scheduled Checkpoint RP1225: 8/15/2012 6:17:10 PM - Windows Defender Checkpoint RP1226: 8/15/2012 6:19:36 PM - Windows Update RP1227: 8/15/2012 7:10:59 PM - Norton 360 Registry Clean RP1228: 8/15/2012 7:38:17 PM - Windows Update RP1229: 8/16/2012 8:15:10 AM - Scheduled Checkpoint RP1230: 8/16/2012 8:58:38 PM - Move file to quarantine: SearchToolbar.dll RP1231: 8/16/2012 9:00:50 PM - Uninstall "Conduit Toolbar" RP1232: 8/16/2012 9:06:37 PM - Removed Bing Bar . ==== Installed Programs ====================== . AA3Deploy Acrobat.com Adobe AIR Adobe Download Assistant Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader 9.5.0 Adobe Shockwave Player 11.5 AI RoboForm (All Users) AIM 7 AIM Toolbar AIO_Scan Apple Software Update ArcSoft Print Creations ArcSoft Print Creations - Album Page ArcSoft Print Creations - Funhouse ArcSoft Print Creations - Greeting Card ArcSoft Print Creations - Photo Book ArcSoft Print Creations - Photo Calendar ArcSoft Print Creations - Scrapbook ArcSoft Print Creations - Slimline Card Backyard Basketball Bejeweled 2 Deluxe® Bejeweled 3 Blackhawk Striker 2 from WildTangent (remove only) Bonjour BufferChm C4200 C4200_doccd c4200_Help CardRd81 CCScore Choice Guard Compatibility Pack for the 2007 Office system Consumer In-Home Service Agreement Copy Coupon Printer for Windows CR2 Crown Jewels 10K CustomerResearchQFolder Dell-eBay Dell Communications (Support Software) Dell Getting Started Guide Destination Component DeviceDiscovery DeviceManagementQFolder Digital Line Detect DocProc DocProcQFolder Download Updater (AOL LLC) EA Download Manager Emsisoft Anti-Malware ESSBrwr ESSCDBK ESScore ESSgui ESSini ESSPCD ESSPDock ESSTOOLS essvatgt eSupportQFolder Facebook Video Calling 1.2.0.159 GEAR driver installer for x86 and x64 Google Chrome Google Earth Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Photosmart Essential2.01 HP Update HPProductAssistant HPSSupply Hunting Unlimited 2010 Java Auto Updater Java 6 Update 30 Junk Mail filter update Kies mini Kodak EasyShare software LimeWire 5.1.4 Malwarebytes' Anti-Malware MarketResearch Microsoft Fighter Ace II Microsoft Flight Simulator 2002 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Word Viewer 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft WSE 3.0 Runtime Morpheus Photo Warper v3.16 Move Media Player MS Access 97 SP2 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) netbrdg NetWaiting Network Play System (Patching) NoPayPOKER Norton 360 Octoshape add-in for Adobe Flash Player OfotoXMI PowerDVD PS_AIO_ProductContext PS_AIO_Software PS_AIO_Software_min PSSWCORE PunkBuster Services Quake Live Internet Explorer Plugin QuickTime Realtek High Definition Audio Driver Roll RollerCoaster Tycoon 2 RollerCoaster Tycoon® 3 Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Scan SecondLife (remove only) Security Task Manager 1.8d Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) SFR SFR2 SHASTA Silver Oak Casino SimCity 3000 Unlimited Ski Resort Tycoon 2 skin0001 SKINXSDK Skype web features SolutionCenter Spelling Dictionaries Support For Adobe Reader 9 staticcr Status The Sims™ 3 The Sims™ 3 Create a World Tool - Beta Toolbox tooltips TrayApp UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VideoToolkit01 Vietnam: Black Ops 2 v1.1 VPRINTOL WebReg Webshots Desktop Weight Watchers Light and Tasty Deluxe West Point Bridge Designer 2011 (2nd Edition) (remove only) WildTangent Games WildTangent Web Driver Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer WIRELESS Yahtzee Zylom Games Player Plugin . ==== Event Viewer Messages From Past Week ======== . 8/9/2012 4:03:07 PM, Error: EventLog [6008] - The previous system shutdown at 3:52:25 PM on 8/9/2012 was unexpected. 8/16/2012 8:40:39 PM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellComms) service terminated unexpectedly. It has done this 1 time(s). 8/16/2012 8:40:39 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s). 8/15/2012 12:16:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user ValD-PC\Val SID (S-1-5-21-3696039469-2759666096-1833586947-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 8/11/2012 7:07:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 8/11/2012 7:07:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service. 8/10/2012 7:50:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user ValD-PC\Val SID (S-1-5-21-3696039469-2759666096-1833586947-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================
  23. Good Morning, I have been infected by the Claro redirect file. I read through a great solution by Maniac. I have utilized his advice of downloading and using OTL and aswMBR.exe. I am posting the logs to each below. If you can determine a way to help, it would be greatly appreciated. Thanks so much in advance. OTL LOG: OTL Extras logfile created on: 8/14/2012 6:37:57 AM - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul Blanchard\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.99 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.16% Memory free 15.98 Gb Paging File | 14.09 Gb Available in Paging File | 88.18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.76 Gb Total Space | 284.05 Gb Free Space | 60.99% Space Free | Partition Type: NTFS Computer Name: PBLAN105295 | User Name: Paul Blanchard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .js [@ = js_auto_file] -- C:\Users\Paul Blanchard\Desktop\Portable.Dreamweaver.CS5\Adobe Dreamweaver CS5.exe (Adobe Systems, Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- Reg Error: Value error. jsfile [open] -- Reg Error: Value error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [edit] -- Reg Error: Value error. jsfile [open] -- Reg Error: Value error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01618F3C-29BF-44A4-9EBE-8CF22CEEBBAA}" = rport=137 | protocol=17 | dir=out | app=system | "{05D1FA9D-49DD-48A3-908B-93B4A150BD45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E973838-30AA-4B7F-84EE-A16C09A145A8}" = lport=139 | protocol=6 | dir=in | app=system | "{1BA3A98A-531F-49F7-B08F-86AAF9C3F4BA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2095ABA0-94D6-4F6D-9836-57B1D5FC0114}" = lport=2869 | protocol=6 | dir=in | app=system | "{26ADB68D-DDB6-41C0-A6FB-D7E32CD58BC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2793C2EE-881B-4E16-882A-9F96CC1240AE}" = lport=137 | protocol=17 | dir=in | app=system | "{45085DBB-A194-442E-8860-231B659EBA6C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{4AE0E8FA-95D1-4A70-9DDD-AE27F4EFCF16}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5585C12A-D629-48D7-8975-B7682B024DC0}" = rport=10243 | protocol=6 | dir=out | app=system | "{582A51D3-A43C-4A8D-B722-6F594AC0E199}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5DFA9468-843D-4196-B7E2-A2821AD40B82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{626B10BB-5767-4F61-BCB1-881DA62156F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{664D5522-2638-44CF-A65E-AB57F3F9DD6E}" = lport=10243 | protocol=6 | dir=in | app=system | "{68E1C44F-1AC0-48C7-BAD9-AFCE565BBDF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6C06F979-2EC4-44EA-90B3-91AE125D1085}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{79F5A21D-9CFF-425D-A170-D854078879D6}" = rport=445 | protocol=6 | dir=out | app=system | "{8AA47926-89D4-45FB-BEE3-4E8172865EA0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{93E4A9FA-7A1E-4665-9DB0-650144919085}" = lport=445 | protocol=6 | dir=in | app=system | "{9C5DAC14-D2EC-426C-A373-012F4190D561}" = lport=138 | protocol=17 | dir=in | app=system | "{A112CB41-B0F6-45D3-B943-B7D65EA394C2}" = rport=139 | protocol=6 | dir=out | app=system | "{A35C94BF-94A3-4FB4-957F-553787E6F27F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{AEFB37BC-B111-45FD-A789-9B8076AAB05E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B34B4B53-414F-462B-B268-7AAE10769442}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BE00C8D6-F663-45F6-A58C-B244D1DC4498}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5152A66-02BF-42FA-A40B-E5F4A73CC813}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C8E1C89F-ABDE-455A-8622-66F395848002}" = rport=138 | protocol=17 | dir=out | app=system | "{CD04D0FE-8A52-44FB-B7A6-DD72BD41B5C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CE764402-0756-4520-A71E-C417C8F946FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CEB2E632-7964-4758-A3F1-91B26EE95AA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CFEA2916-C28A-4FBB-9C25-5E2E300CE731}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D09CAEED-E3B9-45F0-B97D-7AD445B9F129}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DB96043F-87CB-43D6-9BA1-AE665B71C2C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E0B4A356-A6D6-4583-A244-E7B0CD35CFCC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{023A18A2-AC01-4B1D-B5CA-BAB052DE20F4}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{074401AA-7229-4C75-BE6A-0EBAA405CE96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{13CB329B-CCE6-4EAC-8B92-FE2FB47D8CCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{1CA403B2-AC4E-4B90-AFD1-BD8EF313D560}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{257F5D87-4BC4-4170-91BE-C8EF83861026}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{2F4767EB-E154-4C24-AE4F-A7DC2B18837D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{363CE2D6-08BB-4E63-BFF9-815FCD79E0E9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3BC24252-DF46-40F9-A648-0A033A19BC25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | "{47D22BFF-0D31-4920-8F13-123EE02B4DBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{488E6986-A001-46AE-953D-0FA5F0A03C8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{491FB5DB-921E-4FBF-8F39-642353033025}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | "{59996473-479A-4322-8BB7-FDC92C21BA92}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5A7FFA9D-7876-4CF2-93D4-330BA5F2B47D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5B9F0691-0B4E-428E-B710-5405B0072F1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | "{5DB7C0CC-4662-43FD-8D12-3EDE2F2FB4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{5E5AB7B4-ACFE-4187-8685-4D811704C529}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{636434CF-7735-4539-8B29-99A93CE2E2ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{68E02BC3-E968-40D2-8B20-877EA23D668B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6DC65077-ECEA-4F42-A2AC-1AD48C7624FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{70E6E72E-DBF7-4AA1-A90C-428E1AF1D40D}" = protocol=6 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe | "{71AB7B2E-1CE8-447F-AA10-B063A2D2F372}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{730ADC6C-6CDC-4883-9B9D-0BBFB682E816}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{79780685-B051-4412-A09A-CC972D87F421}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7B4E32E5-5A4A-4DE0-96B3-E4200C90AEDE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8036F035-DB91-4F60-B020-BC8C2186A99C}" = protocol=58 | dir=in | app=system | "{8FB0EB32-1F3C-46A2-AA83-BCF799B3DC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A47171C3-0A1C-4120-AA11-A3FCAC732B81}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{AB796BE5-1A03-443C-ABF2-04143287B88B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B9693DB1-BEDF-4D74-AD99-926AA975FA07}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{C2DA823F-058C-49FC-BC30-A560540ABF63}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C2EB43A7-8DF0-4E88-9FD9-A911CDE4469E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C30D111E-0853-4DD9-B2C2-7D3B433FA2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{C6FBFD45-719C-45F2-84DD-7EB861A26F23}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CB1D69D2-995C-45A5-BCF9-A6F44C21A28D}" = protocol=17 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe | "{CC22C63A-BB0F-42AE-AEA9-AA56E082A907}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | "{CE1F7968-6DD3-422E-8417-84C2C329C534}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\day of defeat source\hl2.exe | "{D0E2558C-1B46-45C9-8014-AF6D0A836998}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D148DEEA-C70F-4E24-978B-949F4906DAC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D30DA9AF-1C2D-4BC1-8820-FA78D7AD0895}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D4200345-F598-4EF4-9C6C-2F5CD01CC52B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E3123181-E1A7-49FE-8FC2-B2052695A85B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{E31ED0B7-F2FF-4CD5-BA4C-011CCA2FA880}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E9DCE756-DB57-4ABB-8FE5-7DBFF0F3823C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F21D84C1-1B0A-4641-BAF9-39EBFC4B4A47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\day of defeat source\hl2.exe | "{F4A0A63D-CCA6-4B63-9395-AA03F405274C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F7824FDA-9AAF-4652-ACC2-51099242EA88}" = protocol=6 | dir=out | app=system | "TCP Query User{0860123D-2CAA-4450-9657-C653337EB512}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe | "TCP Query User{4BBC93DC-02B3-4A18-B27B-D5A56D1AC19C}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe | "TCP Query User{4D947123-DCF2-41A0-A9CA-89FFD6834E48}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{635C1CA2-D2B1-40D3-B56C-C9C22BE6B89B}C:\program files (x86)\google\google earth pro\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth pro\googleearth.exe | "TCP Query User{A087C06D-5997-4A0A-B946-656B495C454F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{BFCB559C-1551-4D90-8B64-4BF9CA598BE0}C:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe | "UDP Query User{0003C5FF-A55F-42D9-A47E-87EF626F2FB3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{20509A8D-DEEC-4C28-8383-6BE191A3D088}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{3541729E-F8EE-4DF8-AE32-84D88A87B5D7}C:\program files (x86)\google\google earth pro\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth pro\googleearth.exe | "UDP Query User{94E6885E-9637-47B3-90A9-00CE71D2A9DF}C:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe | "UDP Query User{A9FCABD0-E6F8-44C3-929F-87B383CC0CE5}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe | "UDP Query User{F54DD4A2-3DCC-4576-94B3-075305D42957}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP) "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "WinRAR archiver" = WinRAR 4.00 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6DF4E551-4EC7-11E1-9BA3-B8AC6F97B88E}" = Google Earth Pro "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A4ECF10E-8914-4E29-9E48-8BE2F57558DC}" = ResumeMaker "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348 "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALchemy" = Creative ALchemy "AoA DVD Ripper_is1" = AoA DVD Ripper "AudioCS" = Creative Audio Control Panel "Console Launcher" = Creative Console Launcher "CopyPod Suite" = CopyPod Suite (remove only) "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Diagnostics 4_5" = Creative Diagnostics "Dolby Digital Live Pack" = Dolby Digital Live Pack "DTS Connect Pack" = DTS Connect Pack "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "Free Easy Burner_is1" = Free Easy Burner V 4.1 "Free FLV Converter_is1" = Free FLV Converter V 7.0.0 "Internet Download Manager" = Internet Download Manager "Magic FLAC to MP3 Converter_is1" = Magic FLAC to MP3 Converter 3.71 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Steam App 440" = Team Fortress 2 "VLC media player" = VLC media player 2.0.2 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/18/2012 10:47:07 PM | Computer Name = pblan105295 | Source = Application Error | ID = 1000 Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x4ea78f27 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f28cccc Exception code: 0xc0000005 Fault offset: 0x6d29f1c9 Faulting process id: 0x14e4 Faulting application start time: 0x01cd0577dd342de3 Faulting application path: c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe Faulting module path: filesystem_steam.dll Report Id: d0bb3586-716d-11e1-9793-00261893f6eb Error - 3/19/2012 9:16:48 PM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 3/20/2012 3:30:34 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 3/21/2012 3:30:44 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 3/22/2012 3:30:45 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 3/22/2012 8:35:07 PM | Computer Name = pblan105295 | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce7a313 Faulting module name: IDMIECC64.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f44fe11 Exception code: 0xc0000005 Fault offset: 0x000000018000cd06 Faulting process id: 0x16e8 Faulting application start time: 0x01cd088cc04aa467 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: IDMIECC64.dll Report Id: 09db9faf-7480-11e1-9742-00261893f6eb Error - 3/23/2012 9:42:52 PM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 3/24/2012 10:18:47 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 3/25/2012 10:39:59 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 3/26/2012 3:30:38 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. [ OSession Events ] Error - 11/30/2011 8:36:20 PM | Computer Name = pblan105295 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 8/13/2012 7:37:56 PM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/13/2012 7:38:11 PM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ASPI32 Error - 8/14/2012 8:34:39 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/14/2012 8:34:55 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ASPI32 Error - 8/14/2012 9:27:04 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/14/2012 9:27:23 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ASPI32 Error - 8/14/2012 9:29:26 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/14/2012 9:29:43 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ASPI32 Error - 8/14/2012 9:30:52 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/14/2012 9:31:10 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ASPI32 < End of report > The other log is below: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-08-14 06:47:34 ----------------------------- 06:47:34.374 OS Version: Windows x64 6.1.7601 Service Pack 1 06:47:34.374 Number of processors: 4 586 0x2505 06:47:34.375 ComputerName: PBLAN105295 UserName: 06:47:35.601 Initialize success 06:47:54.489 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 06:47:54.492 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3 06:47:54.507 Disk 0 MBR read successfully 06:47:54.511 Disk 0 MBR scan 06:47:54.515 Disk 0 Windows VISTA default MBR code 06:47:54.520 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048 06:47:54.533 Disk 0 scanning C:\Windows\system32\drivers 06:47:59.091 Service scanning 06:48:08.644 Modules scanning 06:48:08.655 Disk 0 trace - called modules: 06:48:08.664 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 06:48:08.672 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800997d060] 06:48:08.677 3 CLASSPNP.SYS[fffff88001b7343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80078a0050] 06:48:08.680 Scan finished successfully 06:48:19.793 Disk 0 MBR has been saved successfully to "C:\Users\Paul Blanchard\Desktop\MBR.dat" 06:48:19.797 The log file has been saved successfully to "C:\Users\Paul Blanchard\Desktop\aswMBR.txt"
  24. Ok ... I thought I knew something about managing and removing attacks on computers, but "conduit.com" has me stumped. I tried everything I know and can not get rid of it. It's especially troublesome on Chrome. Opening Chrome it adds it's own tab at the top with this address http://search.conduit.com/?ctid=CT3227975&SearchSource=48 and redirects when I search for solutions to removing it. No antivirus I have tried can see it. Attached is the log generated on my PC. Does anyone know how to remove it Permanently ? DDS.txt
  25. Hello, Have a decent google/redirect virus. Installed and ran MB scan. Found one trojan...seemed to run a little better, than less than a day later I've got redirect again. Followed steps outlined in sticky. Here are the two dds/attach logs. Thanks in advance. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30 Run by jimmywings at 1:39:26 on 2012-07-16 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1909.775 [GMT -7:00] . AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\AVG\AVG10\avgui.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files (x86)\AVG\AVG10\avgcfgex.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = g.msn.com/USCON/1 uDefault_Page_URL = g.msn.com/USCON/1 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll mWinlogon: Userinit=userinit.exe, BHO: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [skype] Rundll32.exe C:\Users\jimmywings\AppData\Local\Skype\eukbbsxr.dll,CreateCTXMLAttribute mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{C092949A-15F9-4293-9B88-06C497C7C3EB} : DhcpNameServer = 75.75.75.75 75.75.76.76 Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll BHO-X64: uTorrentControl2 - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\jimmywings\AppData\Roaming\Mozilla\Firefox\Profiles\u04i1iyp.default\ FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-16 98208] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-16 2320920] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-31 25072] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072] S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McSvHost.exe [?] S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [?] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-15 113120] S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-12-22 24176] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-15 05:56:17 -------- d-----w- C:\Users\jimmywings\AppData\Roaming\Malwarebytes 2012-07-15 05:56:01 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-15 05:56:01 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-15 05:56:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-11 10:07:03 3147264 ----a-w- C:\Windows\System32\win32k.sys 2012-07-10 23:26:14 -------- d-----w- C:\Users\jimmywings\AppData\Local\ElevatedDiagnostics 2012-07-06 18:03:19 -------- d-----w- C:\Users\jimmywings\AppData\Local\Skype 2012-06-21 15:51:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 15:51:01 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 15:50:46 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 15:50:46 186752 ----a-w- C:\Windows\System32\wuwebv.dll . ==================== Find3M ==================== . 2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-23 16:14:20 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-23 16:14:20 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-04 16:52:23 5473136 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:46 3970928 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:46 3915632 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-20 06:22:18 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2012-04-20 05:05:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2012-04-20 05:00:31 482816 ----a-w- C:\Windows\System32\html.iec 2012-04-20 04:15:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-04-20 03:58:07 386048 ----a-w- C:\Windows\SysWow64\html.iec 2012-04-20 03:24:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-01-18 08:53:32 2994688 ----a-w- C:\Program Files\openofficeorg33.msi 2011-01-18 08:52:10 475016 ----a-w- C:\Program Files\setup.exe . ============= FINISH: 1:39:44.97 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 12/25/2010 8:43:13 PM System Uptime: 7/15/2012 2:16:51 PM (11 hours ago) . Motherboard: Dell Inc. | | 08VFX1 Processor: Intel® Pentium® CPU P6100 @ 2.00GHz | U2E1 | 1999/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 218 GiB total, 160.677 GiB free. D: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: USB Video Device Device ID: USB\VID_0C45&PID_6480&MI_00\7&48F2EAB&0&0000 Manufacturer: Microsoft Name: Integrated Webcam PNP Device ID: USB\VID_0C45&PID_6480&MI_00\7&48F2EAB&0&0000 Service: usbvideo . ==== System Restore Points =================== . RP115: 6/14/2012 3:01:01 AM - Windows Update RP116: 6/21/2012 8:50:20 AM - Windows Update RP117: 6/30/2012 12:16:05 AM - Scheduled Checkpoint RP118: 7/7/2012 11:39:22 AM - Scheduled Checkpoint RP119: 7/11/2012 3:01:06 AM - Windows Update RP120: 7/15/2012 12:42:26 AM - Removed League of Legends . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) µTorrent Adobe Flash Player 10 ActiveX Adobe Reader 9.1.2 Adobe Shockwave Player 11.6 Advanced Audio FX Engine Apple Application Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Bing Bar Cozi Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell Home Systems Service Agreement Dell Webcam Central GARMIN 400 Series Trainer GoToAssist 8.0.0.514 Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Internet Explorer Java Auto Updater Java 6 Update 22 Java 6 Update 30 Junk Mail filter update League of Legends Live! Cam Avatar Creator Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft PowerPoint Viewer Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT OpenOffice.org 3.3 Pando Media Booster QuickTime Realtek High Definition Audio Driver Respondus LockDown Browser Roxio Burn Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Skype Toolbars Skype™ 4.2 swMSM Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) uTorrentControl2 Toolbar Visual Studio 2008 x64 Redistributables VLC media player 1.1.9 vShare Plugin WildTangent Games Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 7/15/2012 12:20:37 AM, Error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: The system cannot find the file specified. 7/15/2012 12:18:25 AM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed. 7/11/2012 12:48:59 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MASTER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C092949A-15F9-4293-9B88-06C497C7C3EB}. The master browser is stopping or an election is being forced. 7/11/2012 11:15:01 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 7/10/2012 8:12:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 7/10/2012 11:36:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.