Showing results for tags 'Sweetpacks'.

Found 17 results

  1. I've gone through various threads and sequences of using Malwarebytes, AdwCleaner and HitmanPro along with Chrome Cleanup and this PUP still reappears. I've booted into safe mode and used AdwCleaner, then rebooted and cleaned; still nothing permanently removes this thing... suggestions?
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Scan Date: 12/4/17
     Scan Time: 10:00 AM
     Log File: adb5ef4e-d914-11e7-8763-c07cd1fe0346.json
     Administrator: Yes
     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.236
     Update Package Version: 1.0.3407
     License: Premium
     -System Information-
     OS: Windows 10 (Build 15063.726)
     CPU: x64
     File System: NTFS
     User: REDTOWER\ddrab
     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 304495
     Threats Detected: 7
     Threats Quarantined: 0
     (No malicious items detected)
     Time Elapsed: 0 min, 39 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 0
     (No malicious items detected)
     Module: 0
     (No malicious items detected)
     Registry Key: 0
     (No malicious items detected)
     Registry Value: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Data Stream: 0
     (No malicious items detected)
     Folder: 0
     (No malicious items detected)
     File: 7
     PUP.Optional.SweetIM, C:\USERS\DDRAB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [1087], [455282],1.0.3407
     PUP.Optional.Taplika, C:\USERS\DDRAB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [2996], [455261],1.0.3407
     PUP.Optional.SweetPacks, C:\USERS\DDRAB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [960], [455283],1.0.3407
     PUP.Optional.Taplika, C:\USERS\DDRAB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [2996], [455261],1.0.3407
     PUP.Optional.SweetPacks, C:\USERS\DDRAB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [960], [455283],1.0.3407
     PUP.Optional.Taplika, C:\USERS\DDRAB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [2996], [455261],1.0.3407
     PUP.Optional.SweetIM, C:\USERS\DDRAB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [1087], [455282],1.0.3407
     Physical Sector: 0
     (No malicious items detected)
     (end)
  2. My Windows 7 computer appears to be infected with a PUP called SweetPacks. I've tried removing it using Malwarebytes Pro, Windows Defender, and Hitman Pro. SweetPacks is not showing up as a program I can uninstall on the Control panel. What do I need to do to get rid of this infection permanently?
  3. In the process of reinstalling my programs after a (Windows 8.1 64-bit) refresh, I have somehow acquired Sweetpacks. My Malwarebytes Premium doesn't detect it, even when I set it to treat PUPs as malware. But it sure is there, every time I launch Chrome (but not IE). I've looked all over the web for a way to get rid of it, but unfortunately each solution wants me to download something else that I'm not sure I trust. (Once burned...) Actually, Norton didn't like me trying to download FRST64.exe, but I trust Malwarebytes, so I turned off Norton and downloaded. Please help. I've attached the files requested. Addition.txt FRST.txt
  4. Hello forums, I am a trial user of Malwarebytes Anti-Malware battling a handful of unwanted programs. A few years ago, my computer was the victim of a browser hijack and trojan from a company called "Sweetpacks". We successfully removed the trojan with Microsoft Security Essentials and fixed the damage to Chrome, but Internet Explorer still makes me extremely uncomfortable. A few days ago, I noticed the presence of Sweetpacks Internet Explorer Toolbar in my program list from a few years ago. Fearing we missed something, I ran multiple virus scans with no yield. After this, I attempted to uninstall this program, but gave the Sweetpacks uninstaller the administrator password! (It did uninstall the program, but I'm unsure what else it may have done! This was extremely foolish of me.) I downloaded Malwarebytes and it picked up a plethora of garbage, ranging from Arcade Giant to Conduit to multiple other disgusting programs. There were also a huge amount of Sweetpacks files scattered throughout the registry and burrowed deep into multiple users' browser toolbars and extensions. Through the use of Malwarebytes, all of these items were quarantined and deleted. One, however, is being detected by the threat scan after every restart. This Registry Key: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNETEXPLORER\SEARCHSCOPES\{EEE6C36... is being detected once with every scan. I don't understand the registry enough to know what this means! Why might this object be getting flagged with every scan? Why does it persist/get recreated upon each restart? Should I be worried about other unwanted programs returning on my computer? Additionally, can I trust that Microsoft Security Essentials is actually not locating any threats? Should it have found anything associated with these unwanted programs? Thanks so very much for your assistance, Johnathan
  5. Hello everyone, I am new to the forums and I am new to being infected. I have read through this thread on the same problem: https://forums.malwarebytes.org/index.php?/topic/134786-malware-removal-request-updater-by-sweetpacks-pupoptionalsweetpacksa/ However, I don't know if I am supposed to take the same steps that this man took! Help would be nice, and if I am going about this wrong then any corrections/suggestions are welcome!
  6. Your magic is weak, MBAM... I hope that you guys have noticed the pattern. Note how many users are reporting a pre-scan crash. The difference between what others are reporting and this report is that I am pretty sure that the perpetrator involved is something left by one of the Sweetpacks PUPs. You are several steps from being able to assist any customers in getting rid of it. Both your regular anti-malware products and Chameleon insist on updating the product before scanning. This is your Achilles heel. The PUP plugs your update IP, and feeds your program garbage. However, the act of trying to access this port on that IP apparently results in them getting your process ID (via the Sockets APIs - look it up), no matter how hard you try to mutate. So, both regular MBAM and Chameleon are easily terminated. In fact, I'll bet they didn't even have to change anything to defeat Chameleon. I managed to bypass this behavior about 1 out of 100 times by giving it many instances to kill at one time. Here is the kicker, though: YOU CAN'T FIND THE MALWARE DURING THE SCAN! So, you are trying to update the free sites that you use to distribute your software on the cheap too infrequently, but - more importantly - you are giving those people WAY too easy an attack vector on you. You have to stop unconditionally forcing an update check. It is suicide. It must be a point of pride with those guys to terminate your process, as it appears that you are completely unable to detect them. If I can find the file, I'll let you know, but I just want my computer to work, so I can't spend a lot of time on this. Perhaps I can find the process ID of the offending file.
  7. My latest scan reported 2 PUPs that are apparently related to a "sweetpacks" toolbar. I don't have a toolbar on my Firefox but would like to get rid of these. Problem is one of them is in my Firefox prefs.js and I don't want to just delete that if I might lose something that Firefox needs. prefs.js is just a text file and I can see activity related to conduit. Can that just be edited out? Would appreciate guidance on how to resolve this. I checked the Self Help Guides, 24 pages!, but did not see anything that applied to this issue. Following is the "copy to clipboard" data from the threat report dialogue box.
     ===============================================================
     Scan Date: 4/4/2014
     Scan Time: 8:46:13 AM
     Logfile:
     Administrator: Yes
     Version: 2.00.0.1000
     Malware Database: v2014.04.04.03
     Rootkit Database: v2014.03.27.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Chameleon: Disabled
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Sherron
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 340788
     Time Elapsed: 5 hr, 15 min, 22 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Shuriken: Enabled
     PUP: Warn
     PUM: Enabled
     Processes: 0
     (No malicious items detected)
     Modules: 0
     (No malicious items detected)
     Registry Keys: 0
     (No malicious items detected)
     Registry Values: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Folders: 0
     (No malicious items detected)
     Files: 2
     PUP.Optional.Conduit.A, C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\searchplugins\conduit.xml, , [8cc7f036700b70c6e850f36fb44ed030],
     PUP.Optional.SweetPacks.A, C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://start.sweetpacks.com/?src=2&st=12&barid={934084FD-B2CE-11E2-B4AB-00188BCBE562}&q=") , ,[57fc0e180279e94d8c77f04eeb190af6]
     Physical Sectors: 0
     (No malicious items detected)
     (end)
  8. Hello, I have been working on removing some malware that I am unsure exactly how it got on my computer. I run Malwarebytes and Prevx/Webroot, and neither program is able to remove the "IE Toolbar" program from my Control Panel installed programs list. I was following the post from this thread and decided to make a help thread before proceeding any more. https://forums.malwarebytes.org/index.php?showtopic=125930 I scanned fully with an up-to-date Malwarebytes, couldn't get Security Check to give a log, and moved on to AdwCleaner. I have logs for Malwarebytes and AdwCleaner, but I am submitting this thread from an iPad, so I will reply with the logs once all backups are done and I will be ready to find and destroy this malware! Thank you ahead of time for your help.
  9. There was a file that I downloaded onto my PC that ended up on my list of Programs - it's called "Zip Extractor Packages," and clicking on it also installed some known malware programs. I'm not sure if it's a virus, malware, a benign or dangerous PUP or something else, but since there are only a few dozen Google hits on this, I'm wondering if it's brand new, what its effects are, and how to fully remove any remnants of it. Unfortunately I don't have a copy or screenshot to attach, since my PC went to Geek Squad and they said all malware/viruses were removed. But since it may be a brand new malware or a dangerous PUP, I'm hoping someone can investigate what it is. (I posted a request for help on the "Malwarebytes Anti-Malware Help" forum here - they didn't know what it was, and said I should post in Newest Malware Threats, which I did. Since the moderator who replied there said he couldn't find it at the link I gave below, he suggested I post here and let him know what I hear. My Geek Squad guy suggested I post in Tom's Hardware, but I got no reply there.) I believe I downloaded it based on a link from the moderator of MalwareTips.com that said it was a link for RogueKiller. Unless the link was changed from a few days ago, I believe the link was listed as this: RogueKiller Download Link: http://tigzy.geekstogo.com/roguekiller.php (FYI, someone at the Malwarebytes forum said they tried this link & Zip Extractor Packages wasn't there - since I no longer had the program or any screenshots, they said they weren't able to investigate it.) Here's what happened: I downloaded two mp3/WMA splitters that came in a zip pack (I think it was from cnet, and it was "MP3 WMA Cutter" & another, but my PC is in the shop so I'm not sure of the 2nd one). Two days later I noticed that I couldn't update my AVG Free, then I closed my Firefox browsers (which had all been open for a couple of days) and when I reopened, the homepage was "searchnu.com". I went to MalwareTips.com and followed the removal instructions (I also had "searchqu.com" & "IB Updater" and maybe another) - it removed most from my Uninstall a Program list, but "Windows SearchQu Toolbar" remained. When I tried to uninstall, it said it may have been removed... and then a NEW program appeared on the list - Sweetpacks. I went back to another help page on the site and tried to remove both with all the steps - both stayed - so I went to the link in the site author's comments to download RogueKiller (DO NOT go to this link unless you have a way to safely download and examine it - it's listed there as "RogueKiller Download Link : http://tigzy.geekstogo.com/roguekiller.php"). Instead of just the program, it asked me if I wanted to install "Zip Extractor Packages" and I stupidly did. When I clicked on it, it installed that malware & other programs: Sweetpacks, Bitguard, gol search, another gol program, and OpenIt!. I downloaded Revo Uninstaller & tried uninstalling, but Sweetpacks wouldn't uninstall, and I was too scared to use the official & odd-looking "uninstaller" screen that popped up when I tried to uninstall Zip Extractor Packages, especially with so few Google hits about it out there. Though Geek Squad says they found my hardware was clean, and say they cleaned everything, my concern is that this "Zip Extractor Packages" is so new that there may still be something on the PC, even if they tell me it's OK, since this thing may still be unknown or unanalyzed. Anyone know about this malware/PUP, or can anyone report it to whoever these things get reported to so it can be fixed? A friend in IT said antivirus/malware companies usually have 30 days after IDing a new item to come up with a solution, and with only a few dozen Google page hits on this thing the last time I checked, I'm afraid I may be Ground Zero with a new virus or malware or dangerous PUP. And a few related things it may have affected:
     -- My Geek Squad rep said the AVI, MP3 and Word docs I dragged to my zip drive after all this happened wouldn't carry the malware or corruption (only if an .exe & another file type I can't remember were dragged over), but a friend who works in IT said it could be dragged over. Anyone know?
     -- My Yahoo email was reset, and the format where you can see multiple tabs of different email on one screen is no longer available, either on the Basic or new updated version. This may just be because I reset Firefox and IE along the way, but I'm wondering if malware can do this? (Changes are still there when I access email from another PC & other browsers.)
     Thanks, Jeff
  10. I have malware on my system called "Zip Extractor Packages" but since there are only a few dozen Google hits on this, I'm wondering if it's brand new and how to remove it. I'm also concerned that the site MalwareTips.com may be perpetuating malware, since they didn't post my post on this. Here's what happened: I downloaded two mp3/WMA splitters that came in a zip pack (I think it was from cnet, and it was "MP3 WMA Cutter" & another, but my PC is in the shop so I'm not sure of the 2nd one). Two days later I noticed that I couldn't update my AVG Free, then I closed my Firefox browsers (which had all been open for a couple of days) and when I reopened, the homepage was "searchnu.com". I went to MalwareTips.com and followed the removal instructions (I also had "searchqu.com" & "IB Updater" and maybe another) - it removed most from my Uninstall a Program list, but "Windows SearchQu Toolbar" remained. (When I tried to uninstall, it said it may have been removed, and then a NEW program appeared on the list - Sweetpacks.) I went back to the site (this time http://malwaretips.com/blogs/remove-sweetpacks-toolbar/ ) and tried to remove both with all the steps - both stayed - so I went to the link in the site author's comments to download RogueKiller (DO NOT go to this link, listed there as "RogueKiller Download Link : http://tigzy.geekstogo.com/roguekiller.php"). Instead of just the program, it asked me if I wanted to install "Zip Extractor Packages" and I stupidly did. When I clicked on it, it installed that malware & other programs: Sweetpacks, Bitguard, gol search, another gol program, and OpenIt!. I downloaded Revo Uninstaller & tried uninstalling, but Sweetpacks wouldn't uninstall, and I was too scared to use the official & odd-looking "uninstaller" screen that popped up when I tried to uninstall Zip Extractor Packages, especially with so few Google hits about it out there. Right now my PC is with the Geek Squad - they've found my hardware is clean and are now checking my data - but my concern is that this "Zip Extractor Packages" is so new that there may still be something on the PC, even if they tell me it's OK, since it may still be unknown or unanalyzed. Anyone know about this malware, or can report it to whoever these things get reported to so it can be fixed? And a few related things some of this malware may have affected:
     -- My Geek Squad rep said the AVI, MP3 and Word docs I dragged to my zip drive after all this happened wouldn't carry the malware or corruption (only if an .exe & another file type I can't remember were dragged over), but a friend who works in IT said it could be dragged over. Anyone know?
     -- My Yahoo email was reset, and the format where you can see multiple tabs of different email on one screen is no longer available, either on the Basic or new updated version. This may just be because I reset Firefox and IE along the way, but I'm wondering if malware can do this? (Changes are still there when I access email from another PC & other browsers.)
     -- Also: I never got an emailed reply or post accepted to MalwareTips.com, but I did get an increase in spam to the email address I submitted with my post.
     Thanks! Jeff
  11. To whom it may concern. My name is Ellad Kushnir, Marketing Manager at Perion. We've had issues of false-positive markings in the past and it seems that our setup file is being marked by Malwarebytes; this is a false-positive mark. SweetIM is a leading expressive content IM add-on, with over 170 million users. It has been acquired by *Perion Network Ltd* (NASDAQ:PERI www.perion.com), which develops consumer applications that make the everyday life of our simple, safe and enjoyable. Among our brands are Smilebox, the MyStart homepage and the popular IncrediMail email and iPad clients. We have been a trusted search partner of Google for the last 6 years, a BING search partner, and a TRUSTe certified application (verify here: http://clicktoverify.truste.com/pvr.php?page=validate&softwareProgramId=139&sealid=112 ). We are whitelisted with many of the major antivirus companies such as AVG and Symantec, and we are McAfee Secure. Our product has been in the top download sites for many years. We found that our installer software is being flagged by your antivirus as suspicious software. These are the files in question:
      http://cdn.download.sweetpacks.com/smilebox/bing/agent/bundlesweetimsetup.exe
      http://cdn.download.sweetpacks.com/simsdm/Agent/BundleSweetIMSetup.exe
      http://cdn.download.sweetpacks.com/simsdm/bing/Agent/BundleSweetIMSetup.exe
      http://cdn.download.sweetpacks.com/simsdm/ask/Agent/BundleSweetIMSetup.exe
      http://cdn.download.sweetpacks.com/simsdm/yahoo/Agent/BundleSweetIMSetup.exe
      Please remove us from this alert. This is hurting our users and partners, and needless to say has a negative effect on our business. Please let me know if there is anything you need or if there is anything that we can help with in order to close this issue. If you require more information please reply to this message or via phone +972-3-7696100 ext. 241. Thanks.
  12. Was found to have been infected by Sweetpacks and SearchProtect after completing an anti-malware scan. I believe I may have unintentionally approved installation of these programs when installing Daemon Tools Lite. Malwarebytes detected and removed the products, but I'm still experiencing poor PC performance.
      DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2 Run by Owner at 10:05:40 on 2013-09-30 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2603 [GMT -4:00]
C:\windows\System32\RegisterIEPKEYs.exe 2013-08-10 02:17:19 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe 2013-08-08 01:20:43 3155456 ----a-w- C:\windows\System32\win32k.sys 2013-08-02 02:23:53 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-08-02 02:15:44 1732032 ----a-w- C:\windows\System32\ntdll.dll 2013-08-02 02:15:03 362496 ----a-w- C:\windows\System32\wow64win.dll 2013-08-02 02:15:03 243712 ----a-w- C:\windows\System32\wow64.dll 2013-08-02 02:15:03 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll 2013-08-02 02:14:11 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll 2013-08-02 01:59:30 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-08-02 01:59:30 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-08-02 01:51:23 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll 2013-08-02 01:50:42 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe 2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe 2013-08-02 00:45:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-08-02 00:45:36 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-08-02 00:45:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-08-02 00:45:34 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58:42 2048 ----a-w- 
C:\windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll 2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll 2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll 2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll 2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll 2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys . ============= FINISH: 10:06:53.64 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 8/20/2011 11:03:03 AM System Uptime: 9/29/2013 7:06:31 PM (15 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 285 GiB total, 27.407 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP216: 9/26/2013 7:48:15 PM - Windows Update . ==== Installed Programs ====================== . 
µTorrent 7-Zip 9.20 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Adobe Shockwave Player 11.6 Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Atheros Driver Installation Program Audacity 2.0.4 Best Buy pc app calibre CCleaner Cisco Connect Conexant HD Audio D3DX10 DAEMON Tools Lite Defraggler Democracy 2 Epson Download Navigator Fallout Folder Size (64-bit) foobar2000 v1.2.9 Google Talk (remove only) IB Updater Service Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Internet TV for Windows Media Center Java 7 Update 25 Java Auto Updater Junk Mail filter update Label@Once 1.0 Malwarebytes Anti-Malware version 1.75.0.1300 ManyCam 3.1.59 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 23.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 OpenOffice.org 3.1 Papers, Please PlayReady PC Runtime amd64 PlayReady PC Runtime x86 Realtek USB 2.0 Card Reader Recuva Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Skype™ 6.6 Speccy SpeedFan (remove only) Spotify SumatraPDF swMSM Synaptics Pointing Device Driver TOSHIBA Application Installer TOSHIBA Assist TOSHIBA Disc Creator TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application ToshibaRegistration Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) VLC media player 2.0.8 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote 
Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources World of Warcraft . ==== Event Viewer Messages From Past Week ======== . 9/29/2013 10:51:55 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 9/29/2013 10:51:54 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 9/24/2013 8:36:45 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File ===========================
  13. The last time that I tried to remove Sweetpacks, I used RKill and ended up having to do a system restore. This time around, I am asking for some step-by-step assistance from people way more knowledgeable than myself. I have set my DNS to go through a proxy (OpenDNS). I caught one of my sons on a porn site. I am thinking that one of the boys probably picked something up from either one of those kinds of sites or from a game-hack site, etc... I've been slack on my computer security maintenance and now it shows. Apparently when they get a pop-up to update my security programs, they just click close. (GRRRR!!) Sorry, you probably do not need all of that extra info. Here is my DDS file. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2Run by DPorter at 15:11:48 on 2013-09-09.============== Running Processes ================.C:\PROGRA~1\AVG\AVG2013\avgrsx.exeC:\Program Files\AVG\AVG2013\avgcsrvx.exeC:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\SLsvc.exeC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\System32\spoolsv.exeC:\Program Files\Ad-Aware Antivirus\AdAwareService.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\system32\AERTSrv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG2013\avgidsagent.exeC:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exec:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exeC:\Program Files\AVG\AVG2013\avgnsx.exeC:\Program Files\AVG\AVG2013\avgemcx.exeC:\Program Files\Nero\Update\NASvc.exeC:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exeC:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\DRIVERS\xaudio.exeC:\Program Files\Bandoo\Bandoo.exeC:\Windows\system32\WUDFHost.exeC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\System32\alg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\RtHDVCpl.exeC:\Program Files\HP\HP Software Update\hpwuschd2.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\System32\wpcumi.exeC:\Program Files\AVG\AVG2013\avgui.exeC:\Program Files\AVG Secure Search\vprot.exeC:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exeC:\Program Files\Samsung\Kies\KiesTrayAgent.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Users\DPorter\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\DPorter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Program Files\Samsung\Kies\Kies.exeC:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeC:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\NETGEAR\WPN311\wlancfg5.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\Common Files\Microsoft 
Shared\Ink\InputPersonalization.exeC:\Users\DPorter\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\DPorter\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\DPorter\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\DPorter\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\DPorter\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\DPorter\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.============== Pseudo HJT Report ===============.uWindow Title = Internet Explorer provided by DelluSearch Bar = PreservemSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.commDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.comuSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.comBHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Unit: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dllBHO: Groove GFS Browser Helper: 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: BrowserHelper Class: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dllBHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - c:\program files\updater by sweetpacks\Extension32.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllBHO: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - c:\program files\bandoo\plugins\ie\ieplugin.dllBHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dllTB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dllTB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital 
imaging\smart web printing\hpswp_bho.dlluRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduleruRun: [Google Update] "c:\users\dporter\appdata\local\google\update\GoogleUpdate.exe" /cuRun: [CD0C45E7C4A4C598B9CD08DCE8C9A0E1418B91B5._service_run] "c:\users\dporter\appdata\local\google\chrome\application\chrome.exe" --type=serviceuRun: [spotify Web Helper] "c:\users\dporter\appdata\roaming\spotify\data\SpotifyWebHelper.exe"uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preloaduRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startupuRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exemRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hidemRun: [RtHDVCpl] RtHDVCpl.exemRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [NeroCheck] c:\windows\system32\NeroCheck.exemRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [WPCUMI] c:\windows\system32\WpcUmi.exemRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLYmRun: [vProt] "c:\program files\avg secure search\vprot.exe"mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"mRun: [searchProtection] c:\programdata\search protection\_run.batmRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-runmRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exemRun: [APSDaemon] "c:\program files\common 
files\apple\apple application support\APSDaemon.exe"mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1STVhMVy1ITjQ0QS1CQUJQQS1TR1hKQy1QRU1CUg"&"inst=NzYtMTI5OTAzNjkzMi1CQSsxLUtWMys3LVQ1LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GOU0rMS1TVDEwT0krMS1ERFQrMC1EMzgxTCs2LUkxMCsxLVNUMTBBUFArMS1DSUQrMS1JSVNBKzE"&"prod=94"&"ver=10.0.1427uPolicies-Explorer: NoDriveTypeAutoRun = dword:255mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:255mPolicies-System: EnableUIADesktopToggle = dword:0IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllLSP: c:\windows\system32\wpclsp.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comDPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - TCP: NameServer = 8.8.8.8 216.252.23.242 209.55.27.13TCP: Interfaces\{1F7930A1-A3C4-4798-A8BF-F7A7BF9B5391} : DHCPNameServer = 192.168.42.129TCP: Interfaces\{5FB1B4B8-77E1-4565-A0E1-914E4DEC4CD4} : DHCPNameServer = 163.244.194.254 163.244.212.254 163.244.194.42 163.244.199.61TCP: Interfaces\{7127BCCA-C85C-44D7-9822-01CE4B99C8B8} : NameServer = 208.67.222.123,208.67.220.123TCP: Interfaces\{7127BCCA-C85C-44D7-9822-01CE4B99C8B8} : DHCPNameServer = 8.8.8.8 216.252.23.242 209.55.27.13TCP: Interfaces\{BED34B9C-A205-412B-9994-8A7C466A4628} : DHCPNameServer = 192.168.42.129Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft 
office\office12\GrooveSystemServices.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.5.0\ViProtocol.dllNotify: igfxcui - igfxdev.dllAppInit_DLLs= c:\progra~1\bandoo\bndhook.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg.================= FIREFOX ===================.FF - ProfilePath - c:\users\dporter\appdata\roaming\mozilla\firefox\profiles\skdpbssn.default-1378738614842\FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.5.0\npsitesafety.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dllFF - plugin: c:\program files\microsoft\office live\npOLW.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - plugin: c:\users\dporter\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: c:\users\dporter\appdata\local\pokki\download helper\npPokkiDownloadHelper.1.2.0.78.dllFF - plugin: c:\users\dporter\appdata\locallow\unity\webplayer\loader\npUnity3D32.dllFF - plugin: c:\users\dporter\appdata\roaming\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dllFF - plugin: c:\windows\system32\npDeployJava1.dllFF - plugin: c:\windows\system32\npmproxy.dllFF - ExtSQL: 2013-07-16 01:26; {8E9E3331-D360-4f87-8803-52DE43566502}; c:\program 
files\updater by sweetpacks\FirefoxFF - ExtSQL: 2013-08-15 00:23; avg@toolbar; c:\programdata\avg secure search\firefoxext\15.5.0.2FF - ExtSQL: !HIDDEN! 2010-03-17 16:23; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3.============= SERVICES / DRIVERS ===============.R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86R? dgderdrv;dgderdrvR? EagleXNt;EagleXNtR? HTCAND32;HTC Device DriverR? htcnprot;HTC NDIS Protocol DriverR? Lbd;LbdR? mbamchameleon;mbamchameleonR? MSSQLServerADHelper100;SQL Active Directory Helper ServiceR? RsFx0103;RsFx0103 DriverR? SBAMSvc;Ad-AwareR? SkypeUpdate;Skype UpdaterR? SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS)R? WDC_SAM;WD SCSI Pass Thru driverR? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0S? Ad-Aware Service;Ad-Aware ServiceS? AERTFilters;Andrea RT Filters ServiceS? AVGIDSAgent;AVGIDSAgentS? AVGIDSDriver;AVGIDSDriverS? AVGIDSHX;AVGIDSHXS? AVGIDSShim;AVGIDSShimS? Avgldx86;AVG AVI Loader DriverS? Avglogx;AVG Logging DriverS? Avgmfx86;AVG Mini-Filter Resident Anti-Virus ShieldS? Avgrkx86;AVG Anti-Rootkit DriverS? Avgtdix;AVG TDI DriverS? avgtp;avgtpS? avgwd;AVG WatchDogS? DockLoginService;Dock Login ServiceS? FontCache;Windows Font Cache ServiceS? gfibto;gfibtoS? MBAMScheduler;MBAMSchedulerS? NAUpdate;Nero UpdateS? PassThru Service;Internet Pass-Through ServiceS? 
vToolbarUpdater15.5.0;vToolbarUpdater15.5.0.=============== Created Last 30 ================.2013-09-04 12:38:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll2013-09-02 20:51:15 -------- d-----w- c:\program files\iPod2013-09-02 20:51:14 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E12013-09-02 20:30:11 -------- d-----w- c:\windows\LastGood.Tmp2013-08-28 04:30:05 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-08-25 13:29:36 -------- d-----w- c:\users\dporter\appdata\roaming\RadicalLinux Developments2013-08-17 17:19:36 92056 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe2013-08-14 08:06:18 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys2013-08-14 08:06:18 15872 ----a-w- c:\windows\system32\icaapi.dll2013-08-14 08:06:17 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-08-14 08:06:05 2048 ----a-w- c:\windows\system32\tzres.dll2013-08-14 08:06:02 783360 ----a-w- c:\windows\system32\rpcrt4.dll2013-08-14 08:06:00 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-08-14 08:06:00 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-14 08:06:00 1205168 ----a-w- c:\windows\system32\ntdll.dll2013-08-14 08:05:21 992768 ----a-w- c:\windows\system32\crypt32.dll2013-08-14 08:05:20 98304 ----a-w- c:\windows\system32\cryptnet.dll2013-08-14 08:05:20 172544 ----a-w- c:\windows\system32\wintrust.dll2013-08-14 08:05:20 133120 ----a-w- c:\windows\system32\cryptsvc.dll.==================== Find3M ====================.2013-09-04 12:37:01 867240 ----a-w- c:\windows\system32\npDeployJava1.dll2013-09-04 12:37:00 789416 ----a-w- c:\windows\system32\deployJava1.dll2013-08-21 14:14:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-08-21 14:14:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-08-15 05:22:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll2013-07-25 02:26:10 1129472 ----a-w- 
c:\windows\system32\wininet.dll2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-07-20 06:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys2013-07-20 06:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys2013-07-20 06:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys2013-07-20 06:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys2013-07-10 06:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys.============= FINISH: 15:18:37.99 ===============
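The DDS "Pseudo HJT Report" in the post above is where the leftovers show up: IE BHO and toolbar registrations for SweetPacks (some with no DLL behind them any more), a Bandoo hook in AppInit_DLLs, and a SweetPacks row in the Firefox extension table. The Python script below is an added example for this thread, not code from the original post, from DDS or from Malwarebytes. It parses lines in that DDS format and flags the entries a helper would ask about first: known PUP names, CLSID registrations whose DLL is gone, anything at all in AppInit_DLLs, and Firefox extensions marked hidden. The PUP name list and the sample lines are constructed assumptions that mirror entries in the log above.

```python
"""Triage browser add-on entries from a DDS "Pseudo HJT Report".

Added example for this thread, not part of the original post or of DDS.
It parses the BHO:/TB:/EB:, AppInit_DLLs= and FF - ExtSQL: lines that DDS
prints and flags the entries worth reviewing first. The marker list and the
sample lines are assumptions constructed to mirror the log in the post above.
"""
import re
from dataclasses import dataclass

# Assumption: an illustrative PUP name list, not a vendor signature set.
PUP_MARKERS = ("sweetpacks", "sweetim", "bandoo", "conduit",
               "searchprotect", "couponbar")

# "BHO: <name>: {CLSID} - <dll path>" (also TB: toolbars and EB: explorer bars)
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB):\s*(?P<name>.*?):\s*"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<path>.*)$"
)
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(?P<dlls>.*)$")
# "FF - ExtSQL: [!HIDDEN!] <date> <time>; <extension id>; <install path>"
FFEXT_RE = re.compile(
    r"^FF - ExtSQL:\s*(?P<hidden>!HIDDEN!\s*)?"
    r"(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d);\s*(?P<ident>[^;]+);\s*(?P<path>.*)$"
)


@dataclass(frozen=True)
class Finding:
    kind: str      # BHO, TB, EB, AppInit or FFExt
    ident: str     # CLSID, DLL path or Firefox extension id
    path: str
    reasons: tuple


def _pup_name(*parts):
    text = " ".join(parts).lower()
    return any(marker in text for marker in PUP_MARKERS)


def triage(lines):
    """Return the entries worth reviewing, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if (m := ADDON_RE.match(line)):
            path = m["path"].strip()
            reasons = []
            if _pup_name(m["name"], path):
                reasons.append("known PUP name")
            # DDS prints "- " with nothing after it, or "<no file>", when the
            # CLSID is still registered but the DLL is gone: a leftover to clean.
            if not path or path.endswith("<no file>"):
                reasons.append("orphaned entry (no DLL on disk)")
            if reasons:
                findings.append(Finding(m["kind"], m["clsid"], path, tuple(reasons)))
        elif (m := APPINIT_RE.match(line)):
            # AppInit_DLLs is loaded into every process that maps user32.dll,
            # so every entry here is reviewed regardless of its name.
            for dll in (d for d in re.split(r"[\s,]+", m["dlls"]) if d):
                reasons = ["AppInit_DLLs injection"]
                if _pup_name(dll):
                    reasons.append("known PUP name")
                findings.append(Finding("AppInit", dll, dll, tuple(reasons)))
        elif (m := FFEXT_RE.match(line)):
            reasons = []
            if _pup_name(m["ident"], m["path"]):
                reasons.append("known PUP name")
            if m["hidden"]:
                reasons.append("hidden from the add-ons manager")
            if reasons:
                findings.append(Finding("FFExt", m["ident"].strip(),
                                        m["path"].strip(), tuple(reasons)))
    return findings


def report(findings):
    """One line per finding, suitable for pasting back into a reply."""
    return [f"{f.kind:8} {f.ident}  {f.path or '<no path>'}  [{', '.join(f.reasons)}]"
            for f in findings]


# Constructed sample lines mirroring the DDS entries in the post above.
SAMPLE_LINES = [
    r"BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll",
    r"BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - c:\program files\updater by sweetpacks\Extension32.dll",
    r"BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - ",
    r"BHO: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - c:\program files\bandoo\plugins\ie\ieplugin.dll",
    r"TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>",
    r"TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - ",
    r"AppInit_DLLs= c:\progra~1\bandoo\bndhook.dll",
    r"FF - ExtSQL: 2013-07-16 01:26; {8E9E3331-D360-4f87-8803-52DE43566502}; c:\program files\updater by sweetpacks\Firefox",
    r"FF - ExtSQL: !HIDDEN! 2010-03-17 16:23; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3",
]

if __name__ == "__main__":
    for line in report(triage(SAMPLE_LINES)):
        print(line)
```

Orphaned registrations are flagged on purpose even when the name looks harmless: an uninstaller that removed the DLL but left the CLSID under Browser Helper Objects is exactly the "it keeps coming back" pattern, because a later installer or updater only has to drop the file again. A hidden Firefox extension is not proof of anything (the HP print add-on in the sample is legitimate) but it is something the user cannot see or disable from the add-ons manager, so it belongs on the list to check.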
  14. I want to report the toolbar called Sweetpacks. The website is www.sweetim.sweetpacks.com. This toolbar is very difficult to remove and Malwarebytes does not detect it.
  15. When clicking on a link in Outlook 2010 I got an error message. After googling some I just found SweetPacks on my system. I ran Revo Uninstaller and it offered to delete over 5000 registry entries (I decided to skip that). After running Malwarebytes it quarantined pricepeep_130001_0101.exe and deleted it. I don't find SweetPacks in either Revo Uninstaller's control panel or Microsoft's CP 'Programs and Features'. But I'm very concerned there is more to be done. Any assistance will be appreciated. Regards, Tom C PS I'm attaching the mbam log file mbam-log-2013-05-30 (04-55-48).txt
  16. Hi folks, My new HP Envy h8 desktop running Windows 8 x64 got a Sweetpacks hijacker and/or virus about two months ago. I've tried removing from many angles but still have symptoms. (Fake Acrobat install prompts popup on Chrome browser, Malwarebytes and other scanners found malicious items, IE seems hijacked, JRT can't remove some Sweetpacks registry entries, Malwarebytes was blocking outgoing and incoming IP connections from svchost, occasional crashes.) Any help would be much appreciated! ~ -------- DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2 Run by Carly at 7:47:58 on 2013-05-26 #Option Extended Search is enabled. Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8129.4734 [GMT -4:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\dwm.exe C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\atieclxx.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\windows\system32\svchost.exe -k apphost C:\windows\system32\dashost.exe C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe c:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k LocalServicePeerNet c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 
C:\windows\system32\taskhostex.exe C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe C:\Program Files\IDT\WDM\Beats64.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\windows\explorer.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Carly\Downloads\Windows-KB890830-x64-V4.20.exe c:\660293e94918c2eb3b7b8bed700f9a\mrtstub.exe C:\windows\system32\MRT.exe C:\Users\Carly\Downloads\SUPERAntiSpyware.exe C:\Users\Carly\Downloads\SUPERAntiSpyware.exe C:\windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\vssvc.exe 
C:\windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\windows\system32\srtasks.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\windows\sysWow64\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={87E291A5-B1EF-11E2-BE75-7054D2BEF601} mWinlogon: Userinit = userinit.exe, BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - <orphaned> TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll TB: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\Carly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\EVOLUE~1.LNK - C:\windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe mPolicies-System: PromptOnSecureDesktop = dword:0 IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll 
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{5B6E9225-6C91-4309-A559-7C325E769974} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{BAB48341-8840-4FC0-BB67-5240DEEEC25C} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: avast! 
WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-mPolicies-System: PromptOnSecureDesktop = dword:0 x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 aswRvrt;aswRvrt;C:\windows\System32\Drivers\aswRvrt.sys [2013-4-30 65336] R0 aswVmm;aswVmm;C:\windows\System32\Drivers\aswVmm.sys [2013-4-30 189936] R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-12-7 652344] R0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2013-4-9 56336] R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-4-30 1025808] R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-4-30 378432] R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-11-14 239616] R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-4-30 33400] R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-4-30 80816] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-21 46808] R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2012-7-18 310232] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-4-9 128896] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-9 165760] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-29 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-29 701512] R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416] R2 
UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-9 364416] R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-6-7 478712] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-7-18 98472] R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\windows\System32\Drivers\EvoMouseDriverFilterHidUsb.sys [2010-6-23 25144] R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\windows\System32\Drivers\EvoMouseDriverMini.sys [2010-6-23 22584] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-8-21 110744] R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-4-29 25928] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\Drivers\netr28x.sys [2013-4-15 2482960] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 acsock;acsock;C:\windows\System32\Drivers\acsock64.sys [2013-4-29 107432] S3 Revoflt;Revoflt;C:\windows\System32\Drivers\revoflt.sys [2013-5-11 31800] . =============== Created Last 60 ================ . 
2013-05-26 11:25:08 -------- d-----w- C:\ProgramData\SUPERSetup 2013-05-26 11:25:03 -------- d-----w- C:\660293e94918c2eb3b7b8bed700f9a 2013-05-26 10:53:56 -------- d-----w- C:\TDSSKiller_Quarantine 2013-05-26 01:28:45 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-05-23 02:18:07 -------- d-----w- C:\Program Files\CCleaner 2013-05-19 19:37:59 659456 ----a-w- C:\windows\SysWow64\mssvp.dll 2013-05-15 17:37:44 1455368 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys 2013-05-15 15:52:55 861184 ----a-w- C:\windows\System32\drivers\http.sys 2013-05-15 15:52:54 6987528 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-05-15 15:52:54 2382336 ----a-w- C:\windows\SysWow64\esent.dll 2013-05-15 15:52:53 2851840 ----a-w- C:\windows\System32\esent.dll 2013-05-15 11:26:58 70144 ----a-w- C:\windows\System32\appinfo.dll 2013-05-15 11:26:58 112872 ----a-w- C:\windows\System32\consent.exe 2013-05-12 00:32:36 -------- d-----w- C:\Users\Carly\AppData\Local\VS Revo Group 2013-05-12 00:32:33 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys 2013-05-12 00:32:33 -------- d-----w- C:\ProgramData\VS Revo Group 2013-05-12 00:32:32 -------- d-----w- C:\Program Files\VS Revo Group 2013-05-12 00:04:08 -------- d-----w- C:\Users\Carly\AppData\Local\Pokki 2013-05-12 00:01:01 971680 ----a-w- C:\windows\System32\deployJava1.dll 2013-05-12 00:01:01 1092512 ----a-w- C:\windows\System32\npDeployJava1.dll 2013-05-12 00:01:00 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll 2013-05-11 22:57:39 -------- d-----w- C:\Program Files (x86)\ESET 2013-05-11 21:54:11 -------- d-----w- C:\windows\ERUNT 2013-05-11 21:54:06 -------- d-----w- C:\JRT 2013-05-01 01:19:46 -------- d-----w- C:\Program Files (x86)\Common Files\IVA 2013-05-01 01:19:28 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance 2013-05-01 01:18:35 -------- d-----w- C:\Users\Carly\AppData\Roaming\calibre 2013-05-01 01:06:11 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys 2013-05-01 
01:06:06 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys 2013-05-01 01:06:06 1025808 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2013-05-01 01:06:05 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys 2013-05-01 01:06:04 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2013-05-01 01:05:53 41664 ----a-w- C:\windows\avastSS.scr 2013-05-01 01:05:45 -------- d-----w- C:\Program Files\AVAST Software 2013-05-01 01:04:41 -------- d-----w- C:\ProgramData\AVAST Software 2013-05-01 00:54:39 12872 ----a-w- C:\windows\System32\bootdelete.exe 2013-05-01 00:47:58 -------- d-----w- C:\ProgramData\HitmanPro 2013-04-30 23:57:33 -------- d-----w- C:\Users\Carly\AppData\Roaming\Nuance 2013-04-30 23:56:38 -------- d-----w- C:\Users\Carly\AppData\Roaming\FLEXnet 2013-04-30 23:54:27 -------- d-----w- C:\ProgramData\Nuance 2013-04-30 23:54:27 -------- d-----w- C:\Program Files (x86)\Nuance 2013-04-30 23:49:01 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2013-04-30 23:45:50 -------- d-----r- C:\Users\Carly\eBooks 2013-04-30 23:41:31 -------- d-----w- C:\Users\Carly\AppData\Roaming\DAEMON Tools Lite 2013-04-30 23:39:38 -------- d-----w- C:\ProgramData\DAEMON Tools Lite 2013-04-30 00:00:36 -------- d-----w- C:\Users\Carly\.swt 2013-04-30 00:00:17 -------- d-----w- C:\Users\Carly\AppData\Roaming\cYo 2013-04-30 00:00:17 -------- d-----w- C:\Users\Carly\AppData\Local\cYo 2013-04-29 23:56:33 -------- d-----w- C:\Users\Carly\AppData\Roaming\Azureus 2013-04-29 23:56:16 -------- d-----w- C:\Program Files\ComicRack 2013-04-29 23:50:49 -------- d-----w- C:\Users\Carly\AppData\Roaming\Nitro 2013-04-29 23:50:49 -------- d-----w- C:\Users\Carly\AppData\Roaming\FileOpen 2013-04-29 23:50:49 -------- d-----w- C:\ProgramData\FileOpen 2013-04-29 23:50:36 29712 ----a-w- C:\windows\System32\nitrolocalmon2.dll 2013-04-29 23:50:36 17936 ----a-w- C:\windows\System32\nitrolocalui2.dll 2013-04-29 23:50:33 -------- d-----w- C:\ProgramData\Nitro 2013-04-29 23:50:33 -------- d-----w- 
C:\Program Files\Common Files\Nitro 2013-04-29 23:50:33 -------- d-----w- C:\Program Files (x86)\Nitro 2013-04-29 23:50:33 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro 2013-04-29 23:50:22 -------- d-----w- C:\Users\Carly\AppData\Roaming\Downloaded Installations 2013-04-29 23:35:50 -------- d-----w- C:\Program Files (x86)\Calibre2 2013-04-29 23:29:32 178688 ----a-w- C:\windows\SysWow64\unrar.dll 2013-04-29 23:29:30 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack 2013-04-29 20:35:24 -------- d-----w- C:\Program Files\Adblock Pro 2013-04-29 20:22:54 -------- d-----w- C:\Program Files (x86)\VideoLAN 2013-04-29 20:06:53 -------- d-----w- C:\Users\Carly\AppData\Local\MediaMonkey 2013-04-29 20:06:42 -------- d-----w- C:\Users\Carly\AppData\Roaming\MediaMonkey 2013-04-29 20:06:38 -------- d-----w- C:\ProgramData\MediaMonkey 2013-04-29 20:06:37 -------- d-----w- C:\Program Files (x86)\MediaMonkey 2013-04-29 19:29:35 -------- d-----w- C:\Users\Carly\AppData\Roaming\Malwarebytes 2013-04-29 19:29:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-04-29 19:29:26 -------- d-----w- C:\ProgramData\Malwarebytes 2013-04-29 19:29:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-04-29 19:29:11 -------- d-----w- C:\Users\Carly\AppData\Local\Programs 2013-04-19 23:51:29 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2013-04-19 23:49:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2013-04-19 23:49:28 -------- d-----w- C:\Users\Carly\AppData\Local\Microsoft Help 2013-04-19 23:42:30 -------- d-----w- C:\Users\Carly\Tracing 2013-04-19 23:42:30 -------- d-----w- C:\Program Files (x86)\OCSetup 2013-04-19 23:07:47 -------- d-----r- C:\Program Files (x86)\Skype 2013-04-19 22:48:03 -------- d-----w- C:\Program Files\Evoluent 2013-04-19 21:57:51 -------- d-----r- C:\Users\Carly\Dropbox 2013-04-19 21:55:50 -------- d-----w- C:\Users\Carly\AppData\Roaming\Dropbox 2013-04-19 21:37:37 
17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2013-04-19 11:01:44 -------- d-----w- C:\Users\Carly\AppData\Roaming\ViStart 2013-04-19 10:46:00 -------- d-----w- C:\Users\Carly\AppData\Roaming\hpqLog 2013-04-19 10:39:44 -------- d-----w- C:\Users\Carly\AppData\Local\Symantec 2013-04-19 10:38:45 56272 ----a-w- C:\windows\System32\snacnp.dll 2013-04-19 10:34:38 14880256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe 2013-04-19 10:34:35 -------- d-----w- C:\Program Files (x86)\LastPass 2013-04-19 02:14:00 109568 ----a-w- C:\windows\System32\dskquota.dll 2013-04-19 02:12:59 665600 ----a-w- C:\windows\SysWow64\KernelBase.dll 2013-04-19 01:11:14 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2013-04-19 01:11:13 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2013-04-19 01:01:51 -------- d-----w- C:\Users\Carly\AppData\Local\Google 2013-04-19 01:01:40 -------- d-----w- C:\Users\Carly\AppData\Local\Deployment 2013-04-19 01:01:40 -------- d-----w- C:\Users\Carly\AppData\Local\Apps 2013-04-19 01:00:09 -------- d-----w- C:\ProgramData\Symantec 2013-04-19 00:36:42 775216 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2013-04-19 00:35:59 945152 ----a-w- C:\windows\System32\resetengmig.dll 2013-04-19 00:32:37 -------- d-----w- C:\Users\Carly\AppData\Local\ElevatedDiagnostics 2013-04-19 00:32:14 -------- d-----w- C:\Users\Carly\AppData\Local\Diagnostics 2013-04-19 00:28:26 -------- d-----w- C:\Users\Carly\AppData\Local\Hewlett-Packard 2013-04-19 00:07:36 -------- d-----w- C:\Users\Carly\AppData\Local\ATI 2013-04-19 00:06:10 -------- d-----r- C:\Users\Carly\Searches 2013-04-19 00:06:10 -------- d-----r- C:\Users\Carly\Contacts 2013-04-19 00:04:50 -------- d-----w- C:\Users\Carly\AppData\Local\assembly 2013-04-19 00:04:26 -------- d-----w- C:\Users\Carly\AppData\Local\Power2Go8 2013-04-19 
00:04:13 -------- d-----w- C:\Users\Carly\AppData\Local\VirtualStore 2013-04-15 11:02:04 334000 ----a-w- C:\windows\System32\RaCoInstx.dll 2013-04-15 11:02:04 2482960 ----a-w- C:\windows\System32\drivers\netr28x.sys 2013-04-10 01:20:58 -------- d-----w- C:\Program Files (x86)\SymSilent 2013-04-10 01:20:31 -------- d-----w- C:\ProgramData\Norton 2013-04-10 01:20:00 -------- d-----w- C:\ProgramData\NortonInstaller 2013-04-10 01:18:59 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\610443701ce358904\DSETUP.dll 2013-04-10 01:18:59 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\60c5f6de1ce358903\DSETUP.dll 2013-04-10 01:18:59 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\610443701ce358904\DXSETUP.exe 2013-04-10 01:18:59 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\60c5f6de1ce358903\DXSETUP.exe 2013-04-10 01:18:59 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\610443701ce358904\dsetup32.dll 2013-04-10 01:18:59 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\60c5f6de1ce358903\dsetup32.dll 2013-04-10 01:18:58 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6080d24a1ce358902\DSETUP.dll 2013-04-10 01:18:58 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6080d24a1ce358902\DXSETUP.exe 2013-04-10 01:18:58 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6080d24a1ce358902\dsetup32.dll 2013-04-10 01:18:56 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2013-04-10 01:18:38 -------- d-----r- C:\Program Files\Online Services 2013-04-10 01:14:40 56336 ------w- C:\windows\System32\drivers\PxHlpa64.sys 2013-04-10 01:14:40 11376 ------w- C:\windows\System32\drivers\cdralw2k.sys 2013-04-10 01:14:40 10864 ------w- C:\windows\System32\drivers\cdr4_xp.sys 2013-04-10 01:14:23 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared 2013-04-10 
01:14:23 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine 2013-04-10 01:12:29 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll 2013-04-10 01:12:29 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll 2013-04-10 01:12:29 29480 ----a-w- C:\windows\SysWow64\msxml3a.dll 2013-04-10 01:08:20 -------- d-----w- C:\Program Files (x86)\HP Games 2013-04-10 01:07:35 -------- d-----w- C:\ProgramData\WildTangent 2013-04-10 01:07:35 -------- d-----w- C:\Program Files (x86)\WildTangent Games 2013-04-10 01:07:21 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink 2013-04-10 01:06:51 -------- d-----w- C:\ProgramData\install_clap 2013-04-10 01:06:41 -------- d-sh--w- C:\$RECYCLE.BIN 2013-04-10 01:06:40 377344 ----a-w- C:\windows\System32\hpbrprtmon.dll 2013-04-10 01:06:40 355840 ----a-w- C:\windows\System32\hpbprtmon.dll 2013-04-10 01:06:40 170496 ----a-w- C:\windows\System32\hpbprtmonui.dll 2013-04-10 01:06:26 -------- d-----r- C:\Program Files (x86)\Online Services 2013-04-10 01:04:25 27456 ----a-w- C:\windows\System32\drivers\cpqdfw.sys 2013-04-10 01:03:30 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} 2013-04-10 01:03:14 -------- d-----w- C:\ProgramData\Ralink Driver 2013-04-10 01:03:08 -------- d-----w- C:\ProgramData\AMD 2013-04-10 01:03:08 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies 2013-04-10 01:03:08 -------- d-----w- C:\Program Files (x86)\AMD AVT 2013-04-10 01:03:07 -------- d-----w- C:\Program Files (x86)\AMD APP 2013-04-10 01:02:52 -------- d-----w- C:\Program Files\ATI 2013-04-10 01:02:52 -------- d-----w- C:\Program Files (x86)\ATI Technologies 2013-04-10 01:02:40 15168 ----a-w- C:\windows\System32\drivers\IntelMEFWVer.dll 2013-04-10 01:02:25 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent 2013-04-10 01:02:10 -------- d-----w- C:\Program Files\IDT 2013-04-10 01:01:00 117248 ----a-w- C:\windows\System32\HPMUIDir.exe 2013-04-10 00:58:23 6102016 ----a-w- 
C:\windows\System32\stlang64.dll 2013-04-10 00:58:23 41664 ----a-w- C:\windows\System32\Beats64.exe 2013-04-10 00:58:23 224256 ----a-w- C:\windows\System32\HPToneCtrls64.dll 2013-04-10 00:58:23 1821184 ----a-w- C:\windows\System32\IDTNC64.cpl 2013-04-10 00:58:23 1664000 ----a-w- C:\windows\sttray64.exe 2013-04-10 00:58:23 -------- d-----w- C:\ProgramData\SoundResearch 2013-04-10 00:58:17 0 ----a-w- C:\windows\ativpsrm.bin 2013-04-10 00:58:15 -------- d-----w- C:\Program Files\Common Files\ATI Technologies . ==================== Find6M ==================== . 2013-05-07 20:07:50 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-07 20:07:50 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-04-30 00:16:16 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-30 00:16:16 866720 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2013-04-30 00:16:16 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll 2013-04-13 05:56:35 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll 2013-04-09 23:17:44 2242048 ----a-w- C:\windows\System32\wininet.dll 2013-04-09 23:17:36 915968 ----a-w- C:\windows\System32\uxtheme.dll 2013-04-09 23:16:58 3958784 ----a-w- C:\windows\System32\jscript9.dll 2013-04-09 22:30:26 1767424 ----a-w- C:\windows\SysWow64\wininet.dll 2013-04-09 22:29:44 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-04-09 05:33:02 489576 ----a-w- C:\windows\System32\AudioEng.dll 2013-04-09 05:33:02 446792 ----a-w- C:\windows\System32\AudioSes.dll 2013-04-09 05:33:02 253544 ----a-w- C:\windows\System32\audiodg.exe 2013-04-09 05:27:43 284424 ----a-w- C:\windows\System32\drivers\spaceport.sys 2013-04-09 05:20:02 86280 ----a-w- C:\windows\System32\kdnet.dll 2013-04-09 05:20:02 306952 ----a-w- C:\windows\System32\kd_02_10ec.dll 2013-04-09 05:18:05 77960 ----a-w- C:\windows\System32\kdvm.dll 2013-04-09 05:17:57 1829408 ----a-w- C:\windows\System32\ntdll.dll 2013-04-09 04:52:07 816128 ----a-w- C:\windows\System32\SearchIndexer.exe 2013-04-09 
04:52:07 373760 ----a-w- C:\windows\System32\SearchProtocolHost.exe 2013-04-09 04:52:07 197120 ----a-w- C:\windows\System32\SearchFilterHost.exe 2013-04-09 04:52:07 126464 ----a-w- C:\windows\System32\Robocopy.exe 2013-04-09 04:52:06 804352 ----a-w- C:\windows\System32\RecoveryDrive.exe 2013-04-09 04:51:51 367616 ----a-w- C:\windows\System32\conhost.exe 2013-04-09 04:51:45 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll 2013-04-09 04:51:41 99840 ----a-w- C:\windows\System32\wscsvc.dll 2013-04-09 04:51:41 456704 ----a-w- C:\windows\System32\wpncore.dll 2013-04-09 04:51:20 13648384 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll 2013-04-09 04:51:17 595456 ----a-w- C:\windows\System32\Windows.Networking.dll 2013-04-09 04:51:17 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll 2013-04-09 04:51:05 10116096 ----a-w- C:\windows\System32\twinui.dll 2013-04-09 04:51:03 3552768 ----a-w- C:\windows\System32\tquery.dll 2013-04-09 04:50:53 414720 ----a-w- C:\windows\System32\GenuineCenter.dll 2013-04-09 04:50:39 422400 ----a-w- C:\windows\System32\schannel.dll 2013-04-09 04:50:39 1285632 ----a-w- C:\windows\System32\schedsvc.dll 2013-04-09 04:50:03 96256 ----a-w- C:\windows\System32\mssprxy.dll 2013-04-09 04:50:03 745984 ----a-w- C:\windows\System32\mssvp.dll 2013-04-09 04:50:03 2107904 ----a-w- C:\windows\System32\mssrch.dll 2013-04-09 04:50:02 65024 ----a-w- C:\windows\System32\msscntrs.dll 2013-04-09 04:50:02 435200 ----a-w- C:\windows\System32\mssph.dll 2013-04-09 04:50:02 13824 ----a-w- C:\windows\System32\msshooks.dll 2013-04-09 04:49:54 1444864 ----a-w- C:\windows\System32\MSAudDecMFT.dll 2013-04-09 04:49:45 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll 2013-04-09 04:49:45 281088 ----a-w- C:\windows\System32\mfreadwrite.dll 2013-04-09 04:49:36 817152 ----a-w- C:\windows\System32\kerberos.dll 2013-04-09 04:49:33 210432 ----a-w- C:\windows\System32\iuilp.dll 2013-04-09 04:49:16 50176 ----a-w- C:\windows\System32\fmifs.dll 
2013-04-09 04:49:16 231936 ----a-w- C:\windows\System32\fhengine.dll 2013-04-09 04:49:09 172544 ----a-w- C:\windows\System32\dwmredir.dll 2013-04-09 04:49:06 196096 ----a-w- C:\windows\System32\dmvdsitf.dll 2013-04-09 04:48:43 2303488 ----a-w- C:\windows\System32\authui.dll 2013-04-09 04:48:42 785408 ----a-w- C:\windows\System32\audiosrv.dll 2013-04-09 04:48:42 169472 ----a-w- C:\windows\System32\AudioEndpointBuilder.dll 2013-04-09 04:48:34 419840 ----a-w- C:\windows\System32\intl.cpl 2013-04-09 02:35:13 4038144 ----a-w- C:\windows\System32\win32k.sys 2013-04-09 02:34:49 83968 ----a-w- C:\windows\System32\drivers\hidclass.sys 2013-04-09 02:34:42 27648 ----a-w- C:\windows\System32\drivers\hidusb.sys 2013-04-09 02:34:30 95744 ----a-w- C:\windows\System32\drivers\hidbth.sys 2013-04-09 02:33:41 60416 ----a-w- C:\windows\System32\drivers\ndproxy.sys 2013-04-09 02:33:05 623104 ----a-w- C:\windows\System32\drivers\srv2.sys 2013-04-09 02:32:02 805376 ----a-w- C:\windows\System32\drivers\PEAuth.sys 2013-04-09 02:31:14 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys 2013-04-09 02:31:01 83456 ----a-w- C:\windows\System32\drivers\wanarp.sys 2013-04-08 23:44:25 123880 ----a-w- C:\windows\SysWow64\wscapi.dll 2013-04-08 23:39:14 1408896 ----a-w- C:\windows\SysWow64\ntdll.dll 2013-04-08 23:37:29 426024 ----a-w- C:\windows\SysWow64\AudioEng.dll 2013-04-08 23:37:29 324368 ----a-w- C:\windows\SysWow64\AudioSes.dll 2013-04-08 21:52:16 670208 ----a-w- C:\windows\SysWow64\SearchIndexer.exe 2013-04-08 21:52:16 302592 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe 2013-04-08 21:52:16 171008 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe 2013-04-08 21:52:16 106496 ----a-w- C:\windows\SysWow64\Robocopy.exe 2013-04-08 21:52:06 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll 2013-04-04 23:30:17 503080 ----a-w- C:\windows\System32\ci.dll 2013-03-30 18:16:05 1403784 ----a-w- C:\windows\System32\winload.efi 2013-03-30 18:16:05 1267424 ----a-w- 
C:\windows\System32\winload.exe 2013-03-28 22:09:09 1093880 ----a-w- C:\windows\System32\winresume.exe 2013-03-28 22:09:04 1217328 ----a-w- C:\windows\System32\winresume.efi 2013-03-15 22:05:34 298456 ----a-w- C:\windows\System32\rsaenh.dll 2013-03-15 22:05:16 252928 ----a-w- C:\windows\SysWow64\rsaenh.dll 2013-03-02 10:57:48 337128 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS 2013-03-02 10:57:46 77544 ----a-w- C:\windows\System32\drivers\storahci.sys 2013-03-02 10:57:46 332520 ----a-w- C:\windows\System32\drivers\storport.sys 2013-03-02 10:45:20 148712 ----a-w- C:\windows\System32\drivers\tpm.sys 2013-03-02 10:45:19 194792 ----a-w- C:\windows\System32\drivers\sdbus.sys 2013-03-02 10:45:10 125160 ----a-w- C:\windows\System32\drivers\dumpsd.sys 2013-03-02 10:39:39 495336 ----a-w- C:\windows\System32\drivers\vhdmp.sys 2013-03-02 10:39:38 69864 ----a-w- C:\windows\System32\drivers\pdc.sys 2013-03-02 10:39:32 327912 ----a-w- C:\windows\System32\drivers\Classpnp.sys 2013-03-02 09:59:37 2231528 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-03-02 09:59:36 411880 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS 2013-03-02 08:24:08 34304 ----a-w- C:\windows\SysWow64\wuapp.exe 2013-03-02 08:23:43 83968 ----a-w- C:\windows\SysWow64\wudriver.dll 2013-03-02 08:23:43 125952 ----a-w- C:\windows\SysWow64\wuwebv.dll 2013-03-02 08:23:30 893952 ----a-w- C:\windows\SysWow64\winmde.dll 2013-03-02 08:23:30 1338880 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2013-03-02 08:23:28 601088 ----a-w- C:\windows\SysWow64\Windows.Globalization.dll 2013-03-02 08:23:28 504320 ----a-w- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll 2013-03-02 08:23:19 246784 ----a-w- C:\windows\SysWow64\ubpm.dll 2013-03-02 08:23:04 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll . ============= FINISH: 7:48:12.83 =============== ------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . 
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 4/18/2013 8:03:44 PM
System Uptime: 5/26/2013 6:56:39 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AD5
Processor: Intel® Core i7-3770 CPU @ 3.40GHz | | 3401/25mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 778.246 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 2.29 GiB free.
E: is Removable
F: is CDROM (UDF)
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP7: 4/30/2013 8:24:26 PM - Sweetspots virus
RP8: 5/11/2013 6:41:51 PM - Before registry edit to remove sweetpacks
RP9: 5/15/2013 3:00:08 AM - Windows Update
RP10: 5/19/2013 5:06:38 PM - Windows Update
RP12: 5/26/2013 7:44:34 AM - Revo Uninstaller Pro's restore point - µTorrent
.
==== Installed Programs ======================
.
Adobe Photoshop Elements 11
Adobe Premiere Elements 11
Adobe Reader XI (11.0.03)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
avast! Free Antivirus
calibre
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
ComicRack v0.9.168
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon NaturallySpeaking 12
Dropbox
Elements 11 Organizer
ESET Online Scanner v3
Evoluent Mouse Manager
Google Chrome
Google Drive
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP Customer Experience Enhancements
HP Postscript Converter
HP Registration Service
HP Support Information
HydraVision
IDT Audio
Intel® Management Engine Components
Intel® Trusted Connect Service Client
Java 7 Update 21
Java 7 Update 21 (64-bit)
Java Auto Updater
K-Lite Codec Pack 9.9.0 (Basic)
LastPass(uninstall only)
Malwarebytes Anti-Malware version 1.75.0.1300
MediaMonkey 4.0
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 Parser and SDK
Nitro Reader 3
Photo Common
Photo Gallery
Pokki
Pokki Download Helper
PRE11 STI 64Installer
PSE11 STI Installer
Ralink RT5390R 802.11bgn Wi-Fi Adapter
Recovery Manager
Revo Uninstaller Pro 3.0.5
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.3
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VLC media player 2.0.6
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
5/26/2013 6:56:42 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
5/26/2013 6:45:32 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/26/2013 6:45:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
5/26/2013 3:38:46 AM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/26/2013 3:00:01 AM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/26/2013 3:00:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "Unavailable" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
5/26/2013 2:22:10 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2013 8:30:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
5/25/2013 8:30:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
5/25/2013 8:29:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
5/25/2013 8:29:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TimeBroker service.
5/25/2013 8:27:50 AM, Error: Service Control Manager [7046] - The following service has repeatedly stopped responding to service control requests: Group Policy Client Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
5/25/2013 8:27:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.
5/25/2013 8:27:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
5/25/2013 8:26:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/25/2013 10:20:11 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/25/2013 10:20:08 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2013 10:20:08 PM, Error: Service Control Manager [7000] - The Microsoft Account Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/24/2013 9:43:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
5/24/2013 9:41:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
5/24/2013 9:40:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
5/24/2013 9:40:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
5/19/2013 9:58:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/19/2013 8:46:04 PM, Error: Service Control Manager [7046] - The following service has repeatedly stopped responding to service control requests: DNS Client Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
5/19/2013 8:45:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
5/19/2013 8:45:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
5/19/2013 8:44:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
5/19/2013 8:18:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
.
==== End Of File ===========================
  17. My girlfriend decided to download the digital media program known as "SAI" but inadvertently also installed the "SweetPacks" toolbar. After some fiddling, I decided to run Malwarebytes and Spybot Search & Destroy. Spybot found several pieces of adware and apparently cleaned them up, including SweetPacks. Malwarebytes continually becomes nonresponsive several hours into the scan, 100,000 files in, and still no problem files found. This all sounded good, except her home page is still SweetPacks and she still has the toolbar. I have run DDS and have the two reports, as shown below.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by Savannah at 16:07:56 on 2013-05-03
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1915.1056 [GMT -7:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Windows\system32\WerCon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Savannah\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll
mURLSearchHooks: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll
BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - c:\program files\arcsoft\media converter for philips\internet video downloader\ArcURLRecord.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Search Spin Toolbar: {FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C} - c:\program files\search_spin\prxtbSear.dll
TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [searchProtect] c:\users\savannah\appdata\roaming\searchprotect\bin\cltmng.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [searchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\philip~1.lnk - c:\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{41FF72CF-98A8-4D8A-8336-8F21340D67B4} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&CUI=UN13097975252358819&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&SearchSource=2&CUI=UN13097975252358819&UM=&q=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}\plugins\np-mswmp.dll
FF - plugin: c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-04-15 21:09; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2013-04-15 21:10; {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}
FF - ExtSQL: 2049-12-31 14:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: !HIDDEN! 2009-07-25 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090910.001\IDSvix86.sys [2009-9-10 272432]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-5-25 25896]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-4-11 93984]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-5-3 40776]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2009-5-25 290304]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-9-30 1245064]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-2 102448]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-03 20:48:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-05-03 20:47:34 -------- d-----w- c:\users\savannah\appdata\roaming\SearchProtect
2013-05-03 19:00:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-03 19:00:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-05-03 18:57:36 -------- d-----w- c:\users\savannah\appdata\roaming\Malwarebytes
2013-05-03 18:57:18 -------- d-----w- c:\programdata\Malwarebytes
2013-05-03 18:57:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-03 18:57:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-30 09:12:38 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d1bf4a4c-09e3-47dd-b600-a9e1caba12c8}\mpengine.dll
2013-04-16 04:11:05 -------- d-----w- c:\program files\Conduit
2013-04-16 04:11:04 -------- d-----w- c:\users\savannah\appdata\roaming\SYSTEMAX Software Development
2013-04-16 04:11:04 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2013-04-16 04:10:53 -------- d-----w- c:\users\savannah\appdata\local\Conduit
2013-04-16 04:10:53 -------- d-----w- c:\program files\Search_Spin
2013-04-16 04:10:39 -------- d-----w- c:\program files\SearchProtect
2013-04-16 04:10:38 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-04-16 04:10:38 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-04-16 04:10:07 -------- d-----w- c:\program files\SearchGBY
2013-04-16 00:16:08 -------- d-----w- c:\users\savannah\.thumbnails
2013-04-16 00:14:05 -------- d-----w- c:\users\savannah\appdata\local\fontconfig
2013-04-16 00:14:01 -------- d-----w- c:\users\savannah\appdata\local\gegl-0.2
2013-04-16 00:14:01 -------- d-----w- c:\users\savannah\.gimp-2.8
2013-04-16 00:07:42 -------- d-----w- c:\program files\GIMP 2
.
==================== Find3M ====================
.
2013-03-19 22:58:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-19 22:58:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 08:10:56 237088 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:09:07.49 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 5/25/2009 5:18:13 AM
System Uptime: 5/3/2013 1:46:23 PM (3 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 52.839 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com Adobe Flash Player 11 Plugin Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 9 Amazon Links AppCore Apple Application Support Apple Mobile Device Support Apple Software Update Backup Bonjour ccCommon CD/DVD Drive Acoustic Silencer Compatibility Pack for the 2007 Office system DVD MovieFactory for TOSHIBA GearDrvs GIMP 2.8.4 GoGear VIBE Device Manager Google Desktop Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager iTunes Java 6 Update 6 League of Legends LiveUpdate (Symantec Corporation) Malwarebytes Anti-Malware version 1.75.0.1300 Media Converter for Philips Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Works Microsoft XML Parser Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 
(KB973688) Norton 360 Norton 360 (Symantec Corporation) Norton 360 HTMLHelp Norton Confidential Core Opera 11.60 PaintTool SAI Ver.1 Pando Media Booster Picasa 2 QuickBooks Financial Center QuickTime Razer Game Booster Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver REALTEK RTL8187B Wireless LAN Driver Realtek USB 2.0 Card Reader Realtek WiFi Protected Setup Library RuneScape Launcher 1.2.2 Search Protect by conduit Search Spin Toolbar Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) SPBBC 32bit Spybot - Search & Destroy Symantec Real Time Storage Protection Component Symantec Technical Support Controls SymNet Synaptics Pointing Device Driver TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Desktop Links TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Hardware Setup TOSHIBA Recovery Disc Creator Toshiba Registration TOSHIBA Service Station TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 TOSHIBA Supervisor Password TOSHIBA Value Added Package Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update Installer for WildTangent Games App WildTangent Games WildTangent Games App (Toshiba Games) Windows Media Encoder 9 Series WinRAR 4.01 (32-bit) WinZip 16.5 World of Warcraft World of Warcraft Trial . ==== End Of File ===========================