Jump to content

Search the Community

Showing results for tags 'malware'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Hi I joined this forum just so I can post this issue. I did a quick scan, and I received 3 counts of stolen.data along with something else. I didn't take any action for hours and hours until I accidentally clicked on remove selected a little bit ago. I don't think that will be enough. I looked around online and it seems that removing the malware through malwarebytes is not enough to remove it. Please guide me step by step on how to completely remove the malware in my log, and how to prevent this from happening again. mbam-log-2013-05-13 (22-55-09).txt
  2. Avast Infection details URL: http://37.122.208.38:8080/4D4F7F3A267611... Process:: C:\Users\Antoine\AppData\Local\jgmwastc.... Infection::URL:Mal Also notice Tuguu VAFPlayer SLV keeps popping up SpyBot Tell me what i need to do to help you help me THANKS
  3. Ran Malarebytes without finding this and can't seem to navigate to these popular sites in any of my browsers, Google, Firefox, IE. just get that screen asking to complete a survey, although malwarebytes has been blocking it all I get now is a blank page... after looking at the DDS file it looks like I have a few issues... your help is greatly appreciated heres the files from DDS: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2 Run by Administrator at 11:40:52 on 2013-05-08 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3067.1655 [GMT -7:00] . AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Hotspot Shield\bin\openvpnas.exe C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files\Hotspot Shield\bin\hsswd.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe C:\Windows\System32\tcpsvcs.exe C:\Windows\System32\snmp.exe C:\Program Files\AOL\DataMask by AOL\epservice.exe C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Program Files\AOL\DataMask by AOL\ep.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\AOL\DataMask by AOL\dps.exe C:\Program Files\AOL\DataMask by AOL\pl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Common Files\AOL\1367732423\ee\aolsoftware.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\system32\taskeng.exe C:\Program Files\SetPoint\SetPoint.exe C:\Users\Administrator\Desktop\PCMeter\PCMeterV0.3.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Hotspot Shield\bin\openvpntray.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k ipripsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uProxyOverride = <local> mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll BHO: DataMask by AOL: {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - c:\program files\aol\datamask by aol\epbho32.dll BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - c:\program files\appgraffiti\AppGraffiti.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll BHO: DataMask by AOL: {ff507020-a257-4527-a222-b6f5732e55ee} - c:\program files\aol\datamask by aol\plbho32.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [Akamai NetSession Interface] "c:\users\administrator\appdata\local\akamai\netsession_win.exe" mRun: [starter] c:\program files\driver-soft\drivergenius\StarterW3i.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Data Protection Suite] "c:\program files\aol\datamask by aol\dps.exe" mRun: [PhishLock] "c:\program files\aol\datamask by aol\pl.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [HostManager] c:\program files\common files\aol\1367732423\ee\AOLSoftware.exe mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 TCP: NameServer = 192.168.1.1 TCP: Interfaces\{036BEE32-ADF8-4545-A30B-1F58E63E0FE2} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{036BEE32-ADF8-4545-A30B-1F58E63E0FE2}\14D616E64616 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{036BEE32-ADF8-4545-A30B-1F58E63E0FE2}\2656C6B696E6E2332663E2765756374737 : DHCPNameServer = 192.168.169.1 TCP: Interfaces\{4CE62BF1-B672-4A6D-802E-4CB49D5343DA} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\2516D6164616 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\34624472370264275656027596F56496 : DHCPNameServer = 208.67.222.222 208.67.220.220 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\458656026456564696E676023547164796F6E6 : DHCPNameServer = 192.168.254.254 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\4596070797D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\86F6D656027457563747 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\E4F62747865627E61557563747D456564796E676 : DHCPNameServer = 4.2.2.1 TCP: Interfaces\{8A5F0E29-CD98-4B27-B1B0-8491E9616787} : DHCPNameServer = 8.8.8.8 TCP: Interfaces\{B0A1DE32-301C-4595-BD15-84AD4E594649} : DHCPNameServer = 172.26.38.1 172.26.38.2 AppInit_DLLs= c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll SSODL: WebCheck - <orphaned> SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Hosts: 184.22.81.15 www.imeetzu.com Hosts: 184.22.81.15 imeetzu.com Hosts: 184.22.81.15 www.omegle.com Hosts: 184.22.81.15 omegle.com Hosts: 184.22.81.15 www.runescape.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\oys2u84h.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\program files\free ride games\npExentCtl.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - ExtSQL: 2013-03-25 09:13; afurladvisor@anchorfree.com; c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com FF - ExtSQL: 2013-04-22 13:25; sss@sentrybay.com; c:\program files\aol\datamask by aol\ffext FF - ExtSQL: 2013-04-25 10:53; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296] R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-4-24 40648] R1 MpKsl92a13521;MpKsl92a13521;c:\programdata\microsoft\microsoft antimalware\definition updates\{07c6ffc2-2077-4578-a224-1bcc9923734f}\MpKsl92a13521.sys [2013-5-8 29904] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\drivers\TsLwWfF.sys [2012-10-6 23184] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128] R2 EntryProtect;DataMask by AOL;c:\program files\aol\datamask by aol\epservice.exe [2012-11-13 45960] R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2013-4-26 570664] R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-4-26 390440] R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-30 418376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-30 701512] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056] R2 Realtek87B;Realtek87B;c:\program files\realtek\rtl8187 wireless lan utility\RtlService.exe [2013-3-15 40960] R2 X6XSEx;X6XSEx;c:\program files\free ride games\X6XSEx.sys [2012-4-28 46184] R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224] R3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys [2013-4-22 18240] R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-7 273448] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-30 22856] R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-1-27 7087616] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2013-3-15 375808] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-4-24 37064] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-4-2 621568] S2 DefaultTabUpdate;DefaultTabUpdate;"c:\users\stem\appdata\roaming\defaulttab\defaulttab\dtupdate.exe" --> c:\users\stem\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [?] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-29 14848] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-29 49664] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-22 1343400] . =============== Created Last 30 ================ . 2013-05-08 15:42:49 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07c6ffc2-2077-4578-a224-1bcc9923734f}\MpKsl92a13521.sys 2013-05-07 19:52:28 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07c6ffc2-2077-4578-a224-1bcc9923734f}\mpengine.dll 2013-05-07 10:42:45 53248 ----a-w- c:\windows\system32\CSVer.dll 2013-05-07 10:14:41 170512 ----a-w- c:\windows\system32\kemutb.dll 2013-05-07 10:14:40 84496 ----a-w- c:\windows\system32\KemXML.dll 2013-05-07 10:14:40 145936 ----a-w- c:\windows\system32\KemUtil.dll 2013-05-07 10:14:40 117264 ----a-w- c:\windows\system32\KemWnd.dll 2013-05-07 10:14:14 -------- d-----w- c:\program files\SetPoint 2013-05-07 10:09:51 -------- d-----w- c:\program files\Dell 2013-05-07 10:02:00 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys 2013-05-07 10:01:59 90112 ----a-w- c:\windows\system32\snymsico.dll 2013-05-07 10:01:59 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys 2013-05-07 10:01:59 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys 2013-05-07 10:01:59 172032 ----a-w- c:\windows\system32\rixdicon.dll 2013-05-07 10:00:04 -------- d-----w- c:\program files\Broadcom 2013-05-07 07:17:01 -------- d-----w- c:\windows\system32\wbem\framework\root\AddGadgets 2013-05-07 07:17:01 -------- d-----w- c:\windows\system32\wbem\framework\root 2013-05-07 07:17:01 -------- d-----w- c:\windows\system32\wbem\Framework 2013-05-06 18:50:29 6906960 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-05-05 05:41:31 -------- d-----w- c:\users\administrator\appdata\roaming\AOL 2013-05-05 05:41:13 58696 ----a-w- c:\windows\system32\AOLParconLink.exe 2013-05-05 05:41:13 -------- d-----w- c:\programdata\Viewpoint 2013-05-05 05:41:13 -------- d-----w- c:\program files\Viewpoint 2013-05-05 05:40:41 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys 2013-05-05 05:40:32 -------- d-----w- c:\users\administrator\appdata\local\AOL 2013-05-05 05:40:08 -------- d-----w- c:\program files\common files\AOL 2013-05-05 05:40:07 -------- d-----w- c:\program files\common files\aolshare 2013-05-05 05:40:07 -------- d-----w- c:\program files\AOL Desktop 9.7 2013-05-04 01:43:48 -------- d-----w- c:\users\administrator\appdata\roaming\Hotspot Shield 2013-05-01 05:28:54 -------- d-----w- c:\users\administrator\appdata\roaming\SUPERAntiSpyware.com 2013-05-01 05:28:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2013-05-01 05:28:48 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-05-01 04:12:49 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes 2013-05-01 04:12:32 -------- d-----w- c:\programdata\Malwarebytes 2013-05-01 04:12:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-01 04:12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-05-01 04:10:08 -------- d-----w- c:\users\administrator\appdata\local\Programs 2013-04-25 17:54:11 -------- d-----w- c:\users\administrator\appdata\roaming\RealNetworks 2013-04-25 17:53:35 -------- d-----w- c:\program files\RealNetworks 2013-04-25 17:53:32 -------- d-----w- c:\programdata\RealNetworks 2013-04-25 17:53:22 -------- d-----w- c:\program files\common files\xing shared 2013-04-25 03:26:58 866720 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-25 03:26:58 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-25 03:26:55 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-24 19:25:44 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys 2013-04-24 19:12:34 40648 ----a-w- c:\windows\system32\drivers\hssdrv6.sys 2013-04-23 20:02:54 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll 2013-04-23 20:02:54 706640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{42322a06-2bea-4729-adc4-f3a9fdbf2a16}\gapaengine.dll 2013-04-23 18:09:01 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-23 04:43:38 -------- d-----w- c:\users\administrator\appdata\roaming\WinZip 2013-04-22 21:53:18 -------- d-----w- c:\programdata\TamoSoft 2013-04-22 21:52:32 -------- d-----w- c:\program files\CommViewWiFi 2013-04-22 21:04:37 -------- d-----w- c:\users\administrator\appdata\local\WinZip 2013-04-22 20:27:11 -------- d-----w- c:\users\administrator\appdata\roaming\SentryBay 2013-04-22 20:25:00 18240 ----a-w- c:\windows\system32\drivers\epfilter.sys 2013-04-22 20:24:30 -------- d-----w- c:\programdata\SentryBay 2013-04-22 19:01:59 -------- d-----w- c:\users\administrator\appdata\local\SentryBay 2013-04-22 19:01:59 -------- d-----w- c:\program files\SentryBay 2013-04-22 01:35:31 71168 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNBPP4.DLL 2013-04-18 18:04:41 348160 ----a-w- c:\windows\system32\msvcr71.dll 2013-04-18 18:04:40 499712 ----a-w- c:\windows\system32\msvcp71.dll 2013-04-12 20:39:18 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-04-12 20:39:16 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-12 20:39:14 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-12 20:39:14 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-12 20:39:13 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-12 20:39:13 38912 ----a-w- c:\windows\system32\csrsrv.dll . ==================== Find3M ==================== . 2013-05-05 04:46:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-05 04:46:55 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-03-24 13:26:08 124 ----a-w- c:\users\administrator\advanced_ip_scanner_MAC.bin 2013-03-24 13:26:07 387 ----a-w- c:\users\administrator\advanced_ip_scanner_Favorites.bin 2013-02-21 10:30:16 1766912 ----a-w- c:\windows\system32\wininet.dll 2013-02-21 10:29:39 2877440 ----a-w- c:\windows\system32\jscript9.dll 2013-02-21 10:29:37 61440 ----a-w- c:\windows\system32\iesetup.dll 2013-02-21 10:29:37 109056 ----a-w- c:\windows\system32\iesysprep.dll 2013-02-19 12:01:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-19 11:10:53 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 03:32:46 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys . ============= FINISH: 11:41:42.31 =============== Attach file: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 4/21/2012 6:25:04 PM System Uptime: 5/8/2013 8:42:05 AM (3 hours ago) . Motherboard: Dell Inc. | | 0P786H Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 298 GiB total, 238.33 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP69: 4/22/2013 2:53:53 PM - Device Driver Package Install: TamoSoft Network Service RP70: 4/23/2013 1:02:03 PM - Windows Update RP71: 4/24/2013 8:26:26 PM - Installed Java 7 Update 21 RP72: 4/29/2013 4:18:05 PM - Windows Update RP73: 5/3/2013 9:27:43 AM - Windows Update RP74: 5/3/2013 6:44:47 PM - Device Driver Package Install: Anchorfree Inc Network Service RP75: 5/3/2013 6:45:57 PM - Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters RP76: 5/3/2013 7:05:34 PM - Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters RP77: 5/6/2013 11:50:03 AM - Windows Update RP78: 5/6/2013 5:05:25 PM - Removed InstallIQ Updater RP79: 5/7/2013 2:59:36 AM - Installed Broadcom Gigabit NetLink Controller. RP81: 5/7/2013 3:01:49 AM - Installed RICOH Media Driver ver.2.07.01.00 RP82: 5/7/2013 3:09:39 AM - Installed QuickSet. RP84: 5/7/2013 3:17:59 AM - Installed RICOH Media Driver ver.2.07.01.00 RP85: 5/7/2013 12:51:02 PM - Windows Update . ==== Hosts File Hijack ====================== . Hosts: 184.22.81.15 www.imeetzu.com Hosts: 184.22.81.15 imeetzu.com Hosts: 184.22.81.15 www.omegle.com Hosts: 184.22.81.15 omegle.com Hosts: 184.22.81.15 www.runescape.com Hosts: 184.22.81.15 runescape.com Hosts: 184.22.81.15 google.com Hosts: 184.22.81.15 www.google.ae Hosts: 184.22.81.15 www.google.com.af Hosts: 184.22.81.15 www.google.com.ag Hosts: 184.22.81.15 www.google.off.ai Hosts: 184.22.81.15 www.google.am Hosts: 184.22.81.15 www.google.com.ar Hosts: 184.22.81.15 www.google.as Hosts: 184.22.81.15 www.google.at Hosts: 184.22.81.15 www.google.com.au Hosts: 184.22.81.15 www.google.az Hosts: 184.22.81.15 www.google.ba Hosts: 184.22.81.15 www.google.com.bd Hosts: 184.22.81.15 www.google.be Hosts: 184.22.81.15 www.google.bg Hosts: 184.22.81.15 www.google.com.bh Hosts: 184.22.81.15 www.google.bi Hosts: 184.22.81.15 www.google.com.bo Hosts: 184.22.81.15 www.google.com.br Hosts: 184.22.81.15 www.google.bs Hosts: 184.22.81.15 www.google.co.bw Hosts: 184.22.81.15 www.google.com.bz Hosts: 184.22.81.15 www.google.ca Hosts: 184.22.81.15 www.google.cd Hosts: 184.22.81.15 www.google.cg Hosts: 184.22.81.15 www.google.ch Hosts: 184.22.81.15 www.google.ci Hosts: 184.22.81.15 www.google.co.ck Hosts: 184.22.81.15 www.google.cl Hosts: 184.22.81.15 www.google.cn Hosts: 184.22.81.15 www.google.com.co Hosts: 184.22.81.15 www.google.co.cr Hosts: 184.22.81.15 www.google.com.cu Hosts: 184.22.81.15 www.google.cz Hosts: 184.22.81.15 www.google.de Hosts: 184.22.81.15 www.google.dj Hosts: 184.22.81.15 www.google.dk Hosts: 184.22.81.15 www.google.dm Hosts: 184.22.81.15 www.google.com.do Hosts: 184.22.81.15 www.google.com.ec Hosts: 184.22.81.15 www.google.ee Hosts: 184.22.81.15 www.google.com.eg Hosts: 184.22.81.15 www.google.es Hosts: 184.22.81.15 www.google.com.et Hosts: 184.22.81.15 www.google.fi Hosts: 184.22.81.15 www.google.com.fj Hosts: 184.22.81.15 www.google.fm Hosts: 184.22.81.15 www.google.fr Hosts: 184.22.81.15 www.google.ge Hosts: 184.22.81.15 www.google.gg Hosts: 184.22.81.15 www.google.com.gi Hosts: 184.22.81.15 www.google.gl Hosts: 184.22.81.15 www.google.gm Hosts: 184.22.81.15 www.google.gr Hosts: 184.22.81.15 www.google.com.gt Hosts: 184.22.81.15 www.google.gy Hosts: 184.22.81.15 www.google.com.hk Hosts: 184.22.81.15 www.google.hn Hosts: 184.22.81.15 www.google.hr Hosts: 184.22.81.15 www.google.ht Hosts: 184.22.81.15 www.google.hu Hosts: 184.22.81.15 www.google.co.id Hosts: 184.22.81.15 www.google.ie Hosts: 184.22.81.15 www.google.co.il Hosts: 184.22.81.15 www.google.co.im Hosts: 184.22.81.15 www.google.co.in Hosts: 184.22.81.15 www.google.is Hosts: 184.22.81.15 www.google.it Hosts: 184.22.81.15 www.google.co.je Hosts: 184.22.81.15 www.google.com.jm Hosts: 184.22.81.15 www.google.jo Hosts: 184.22.81.15 www.google.co.jp Hosts: 184.22.81.15 www.google.co.ke Hosts: 184.22.81.15 www.google.kg Hosts: 184.22.81.15 www.google.co.kr Hosts: 184.22.81.15 www.google.kz Hosts: 184.22.81.15 www.google.li Hosts: 184.22.81.15 www.google.lk Hosts: 184.22.81.15 www.google.co.ls Hosts: 184.22.81.15 www.google.lt Hosts: 184.22.81.15 www.google.lu Hosts: 184.22.81.15 www.google.lv Hosts: 184.22.81.15 www.google.com.ly Hosts: 184.22.81.15 www.google.co.ma Hosts: 184.22.81.15 www.google.md Hosts: 184.22.81.15 www.google.mn Hosts: 184.22.81.15 www.google.ms Hosts: 184.22.81.15 www.google.com.mt Hosts: 184.22.81.15 www.google.mu Hosts: 184.22.81.15 www.google.mw Hosts: 184.22.81.15 www.google.com.mx Hosts: 184.22.81.15 www.google.com.my Hosts: 184.22.81.15 www.google.com.na Hosts: 184.22.81.15 www.google.com.nf Hosts: 184.22.81.15 www.google.com.ng Hosts: 184.22.81.15 www.google.com.ni Hosts: 184.22.81.15 www.google.nl Hosts: 184.22.81.15 www.google.no Hosts: 184.22.81.15 www.google.com.np Hosts: 184.22.81.15 www.google.nr Hosts: 184.22.81.15 www.google.nu Hosts: 184.22.81.15 www.google.co.nz Hosts: 184.22.81.15 www.google.com.om Hosts: 184.22.81.15 www.google.com.pa Hosts: 184.22.81.15 www.google.com.pe Hosts: 184.22.81.15 www.google.com.ph Hosts: 184.22.81.15 www.google.com.pk Hosts: 184.22.81.15 www.google.pl Hosts: 184.22.81.15 www.google.pn Hosts: 184.22.81.15 www.google.com.pr Hosts: 184.22.81.15 www.google.pt Hosts: 184.22.81.15 www.google.com.py Hosts: 184.22.81.15 www.google.com.qa Hosts: 184.22.81.15 www.google.ro Hosts: 184.22.81.15 www.google.rw Hosts: 184.22.81.15 www.google.com.sa Hosts: 184.22.81.15 www.google.com.sb Hosts: 184.22.81.15 www.google.sc Hosts: 184.22.81.15 www.google.se Hosts: 184.22.81.15 www.google.com.sg Hosts: 184.22.81.15 www.google.sh Hosts: 184.22.81.15 www.google.si Hosts: 184.22.81.15 www.google.sk Hosts: 184.22.81.15 www.google.sn Hosts: 184.22.81.15 www.google.sm Hosts: 184.22.81.15 www.google.com.sv Hosts: 184.22.81.15 www.google.co.th Hosts: 184.22.81.15 www.google.com.tj Hosts: 184.22.81.15 www.google.tm Hosts: 184.22.81.15 www.google.to Hosts: 184.22.81.15 www.google.tp Hosts: 184.22.81.15 www.google.com.tr Hosts: 184.22.81.15 www.google.tt Hosts: 184.22.81.15 www.google.com.tw Hosts: 184.22.81.15 www.google.com.ua Hosts: 184.22.81.15 www.google.co.ug Hosts: 184.22.81.15 www.google.com.uy Hosts: 184.22.81.15 www.google.co.uz Hosts: 184.22.81.15 www.google.com.vc Hosts: 184.22.81.15 www.google.co.ve Hosts: 184.22.81.15 www.google.vg Hosts: 184.22.81.15 www.google.co.vi Hosts: 184.22.81.15 www.google.com.vn Hosts: 184.22.81.15 www.google.vu Hosts: 184.22.81.15 www.google.ws Hosts: 184.22.81.15 www.google.co.za Hosts: 184.22.81.15 www.google.co.zm Hosts: 184.22.81.15 google.ae Hosts: 184.22.81.15 google.com.af Hosts: 184.22.81.15 google.com.ag Hosts: 184.22.81.15 google.off.ai Hosts: 184.22.81.15 google.am Hosts: 184.22.81.15 google.com.ar Hosts: 184.22.81.15 google.as Hosts: 184.22.81.15 google.at Hosts: 184.22.81.15 google.com.au Hosts: 184.22.81.15 google.az Hosts: 184.22.81.15 google.ba Hosts: 184.22.81.15 google.com.bd Hosts: 184.22.81.15 google.be Hosts: 184.22.81.15 google.bg Hosts: 184.22.81.15 google.com.bh Hosts: 184.22.81.15 google.bi Hosts: 184.22.81.15 google.com.bo Hosts: 184.22.81.15 google.com.br Hosts: 184.22.81.15 google.bs Hosts: 184.22.81.15 google.co.bw Hosts: 184.22.81.15 google.com.bz Hosts: 184.22.81.15 google.ca Hosts: 184.22.81.15 google.cd Hosts: 184.22.81.15 google.cg Hosts: 184.22.81.15 google.ch Hosts: 184.22.81.15 google.ci Hosts: 184.22.81.15 google.co.ck Hosts: 184.22.81.15 google.cl Hosts: 184.22.81.15 google.cn Hosts: 184.22.81.15 google.com.co Hosts: 184.22.81.15 google.co.cr Hosts: 184.22.81.15 google.com.cu Hosts: 184.22.81.15 google.cz Hosts: 184.22.81.15 google.de Hosts: 184.22.81.15 google.dj Hosts: 184.22.81.15 google.dk Hosts: 184.22.81.15 google.dm Hosts: 184.22.81.15 google.com.do Hosts: 184.22.81.15 google.com.ec Hosts: 184.22.81.15 google.ee Hosts: 184.22.81.15 google.com.eg Hosts: 184.22.81.15 google.es Hosts: 184.22.81.15 google.com.et Hosts: 184.22.81.15 google.fi Hosts: 184.22.81.15 google.com.fj Hosts: 184.22.81.15 google.fm Hosts: 184.22.81.15 google.fr Hosts: 184.22.81.15 google.ge Hosts: 184.22.81.15 google.gg Hosts: 184.22.81.15 google.com.gi Hosts: 184.22.81.15 google.gl Hosts: 184.22.81.15 google.gm Hosts: 184.22.81.15 google.gr Hosts: 184.22.81.15 google.com.gt Hosts: 184.22.81.15 google.gy Hosts: 184.22.81.15 google.com.hk Hosts: 184.22.81.15 google.hn Hosts: 184.22.81.15 google.hr Hosts: 184.22.81.15 google.ht Hosts: 184.22.81.15 google.hu Hosts: 184.22.81.15 google.co.id Hosts: 184.22.81.15 google.ie Hosts: 184.22.81.15 google.co.il Hosts: 184.22.81.15 google.co.im Hosts: 184.22.81.15 google.co.in Hosts: 184.22.81.15 google.is Hosts: 184.22.81.15 google.it Hosts: 184.22.81.15 google.co.je Hosts: 184.22.81.15 google.com.jm Hosts: 184.22.81.15 google.jo Hosts: 184.22.81.15 google.co.jp Hosts: 184.22.81.15 google.co.ke Hosts: 184.22.81.15 google.kg Hosts: 184.22.81.15 google.co.kr Hosts: 184.22.81.15 google.kz Hosts: 184.22.81.15 google.li Hosts: 184.22.81.15 google.lk Hosts: 184.22.81.15 google.co.ls Hosts: 184.22.81.15 google.lt Hosts: 184.22.81.15 google.lu Hosts: 184.22.81.15 google.lv Hosts: 184.22.81.15 google.com.ly Hosts: 184.22.81.15 google.co.ma Hosts: 184.22.81.15 google.md Hosts: 184.22.81.15 google.mn Hosts: 184.22.81.15 google.ms Hosts: 184.22.81.15 google.com.mt Hosts: 184.22.81.15 google.mu Hosts: 184.22.81.15 google.mw Hosts: 184.22.81.15 google.com.mx Hosts: 184.22.81.15 google.com.my Hosts: 184.22.81.15 google.com.na Hosts: 184.22.81.15 google.com.nf Hosts: 184.22.81.15 google.com.ng Hosts: 184.22.81.15 google.com.ni Hosts: 184.22.81.15 google.nl Hosts: 184.22.81.15 google.no Hosts: 184.22.81.15 google.com.np Hosts: 184.22.81.15 google.nr Hosts: 184.22.81.15 google.nu Hosts: 184.22.81.15 google.co.nz Hosts: 184.22.81.15 google.com.om Hosts: 184.22.81.15 google.com.pa Hosts: 184.22.81.15 google.com.pe Hosts: 184.22.81.15 google.com.ph Hosts: 184.22.81.15 google.com.pk Hosts: 184.22.81.15 google.pl Hosts: 184.22.81.15 google.pn Hosts: 184.22.81.15 google.com.pr Hosts: 184.22.81.15 google.pt Hosts: 184.22.81.15 google.com.py Hosts: 184.22.81.15 google.com.qa Hosts: 184.22.81.15 google.ro Hosts: 184.22.81.15 google.ru Hosts: 184.22.81.15 google.rw Hosts: 184.22.81.15 google.com.sa Hosts: 184.22.81.15 google.com.sb Hosts: 184.22.81.15 google.sc Hosts: 184.22.81.15 google.se Hosts: 184.22.81.15 google.com.sg Hosts: 184.22.81.15 google.sh Hosts: 184.22.81.15 google.si Hosts: 184.22.81.15 google.sk Hosts: 184.22.81.15 google.sn Hosts: 184.22.81.15 google.sm Hosts: 184.22.81.15 google.com.sv Hosts: 184.22.81.15 google.co.th Hosts: 184.22.81.15 google.com.tj Hosts: 184.22.81.15 google.tm Hosts: 184.22.81.15 google.to Hosts: 184.22.81.15 google.tp Hosts: 184.22.81.15 google.com.tr Hosts: 184.22.81.15 google.tt Hosts: 184.22.81.15 google.com.tw Hosts: 184.22.81.15 google.com.ua Hosts: 184.22.81.15 google.co.ug Hosts: 184.22.81.15 google.co.uk Hosts: 184.22.81.15 google.com.uy Hosts: 184.22.81.15 google.co.uz Hosts: 184.22.81.15 google.com.vc Hosts: 184.22.81.15 google.co.ve Hosts: 184.22.81.15 google.vg Hosts: 184.22.81.15 google.co.vi Hosts: 184.22.81.15 google.com.vn Hosts: 184.22.81.15 google.vu Hosts: 184.22.81.15 google.ws Hosts: 184.22.81.15 google.co.za Hosts: 184.22.81.15 google.co.zm Hosts: 184.22.81.15 www.youtube.com Hosts: 184.22.81.15 youtube.com Hosts: 184.22.81.15 msn.com Hosts: 184.22.81.15 facebook.com Hosts: 184.22.81.15 www.yahoo.com Hosts: 184.22.81.15 yahoo.com Hosts: 184.22.81.15 www.hotmail.com Hosts: 184.22.81.15 hotmail.com Hosts: 184.22.81.15 www.bing.com Hosts: 184.22.81.15 bing.com Hosts: 184.22.81.15 www.twitter.com Hosts: 184.22.81.15 twitter.com Hosts: 184.22.81.15 myspace.com Hosts: 184.22.81.15 192.168.1.254 Hosts: 184.22.81.15 localhost Hosts: 184.22.81.15 www.wordpress.org Hosts: 184.22.81.15 wordpress.org Hosts: 184.22.81.15 wikipedia.org Hosts: 184.22.81.15 www.wikipedia.org Hosts: 184.22.81.15 blogspot.com Hosts: 184.22.81.15 wordpress.com Hosts: 184.22.81.15 live.com Hosts: 184.22.81.15 www.ebay.com Hosts: 184.22.81.15 ebay.com Hosts: 184.22.81.15 www.amazon.com Hosts: 184.22.81.15 amazon.com Hosts: 184.22.81.15 www.tumblr.com Hosts: 184.22.81.15 tumblr.com Hosts: 184.22.81.15 www.paypal.com Hosts: 184.22.81.15 paypal.com Hosts: 184.22.81.15 imdb.com Hosts: 184.22.81.15 www.imdb.com Hosts: 184.22.81.15 www.steampowered.com Hosts: 184.22.81.15 steampowered.com Hosts: 184.22.81.15 minecraft.com Hosts: 184.22.81.15 www.minecraft.net Hosts: 184.22.81.15 minecraft.net Hosts: 184.22.81.15 www.minecraft.com Hosts: 184.22.81.15 www.google.com/search ==== Installed Programs ====================== . Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.02) Akamai NetSession Interface AOL Uninstaller (Choose which Products to Remove) AppGraffiti Apple Software Update Broadcom Gigabit NetLink Controller CDDRV_Installer CommView for WiFi Cricket Broadband 1.0 DataMask by AOL DefaultTab DefaultTab Chrome Driver Genius Professional Edition Google Chrome Google Earth Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Hotspot Shield 2.93 Java 7 Update 21 Java Auto Updater KhalInstallWrapper Living 3D Dolphin Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service QuickSet RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer REALTEK Wireless LAN Driver and Utility RealUpgrade 1.1 RICOH Media Driver ver.2.07.01.00 Roads of Rome Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) SetPoint SUPERAntiSpyware Swarm Gold The Treasures of Montezuma U3Launcher Unlikely Suspects Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Viewpoint Media Player Windows 7 USB/DVD Download Tool WinZip 17.0 . ==== Event Viewer Messages From Past Week ======== . 5/8/2013 8:46:37 AM, Error: Service Control Manager [7000] - The WinRing0_1_2_0 service failed to start due to the following error: The system cannot find the file specified. 5/8/2013 8:42:42 AM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. 5/8/2013 8:42:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DefaultTabSearch service to connect. 5/8/2013 8:42:41 AM, Error: Service Control Manager [7000] - The DefaultTabUpdate service failed to start due to the following error: The system cannot find the file specified. 5/8/2013 8:42:41 AM, Error: Service Control Manager [7000] - The DefaultTabSearch service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 5/8/2013 8:42:18 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter 5/8/2013 8:42:18 AM, Error: atikmdag [43029] - Display is not active 5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 5/8/2013 12:56:07 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure. 5/8/2013 12:56:07 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure. 5/8/2013 12:11:28 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 5/8/2013 12:11:28 AM, Error: Service Control Manager [7038] - The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 5/8/2013 12:11:28 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 5/8/2013 12:11:28 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure. 5/8/2013 12:11:28 AM, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: The service did not start due to a logon failure. 5/8/2013 12:11:28 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure. 5/6/2013 6:14:14 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243 5/4/2013 9:36:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 5/4/2013 9:19:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F} 5/4/2013 9:16:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1176.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 5/4/2013 9:16:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 5/4/2013 9:06:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 5/4/2013 9:06:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 5/4/2013 9:06:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 5/4/2013 9:06:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 5/4/2013 9:06:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6 5/4/2013 10:40:37 PM, Error: Service Control Manager [7030] - The AOL Connectivity Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 5/3/2013 7:06:03 PM, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). 5/3/2013 7:05:59 PM, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
  4. I am on Windows 7 laptop using Chrome as my primary browser. I tried to install and run Malwarebytes so I can try to find the source of some very annoying popups in my lower left and right hand corners of all browsers. I turned off my firewall and Microsoft Security Essentials before installation. When it tries to open I get the message "Run-time error '339': Component 'ieframe.dll' or one of its dependencies not correctly registered: a file is missing or invalid" I went ahead and ran the DDS tool. Here are the two logs that came back. "DDS log" DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: BrowserJavaVersion: 10.21.2 Run by Laura at 18:48:18 on 2013-05-03 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2381 [GMT -5:00] . AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\RunDll32.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe C:\Program Files\Realtek\RtVOsd\RtVOsd.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.searchqu.com/405 mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - uRun: [Google Update] "C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [uIoqcMjUXy.exe] C:\ProgramData\UIoqcMjUXy.exe uRun: [Microsoft] C:\Program Files (x86)\MSBuild\Microsoft\MSServices.lnk mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\Laura\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Laura\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{03626132-A460-4F6D-8944-C3CE895A7898} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{03626132-A460-4F6D-8944-C3CE895A7898}\14344594F4E4455434 : DHCPNameServer = 192.168.0.1 216.165.129.158 TCP: Interfaces\{03626132-A460-4F6D-8944-C3CE895A7898}\26F69746 : DHCPNameServer = 64.53.83.131 165.166.142.42 TCP: Interfaces\{03626132-A460-4F6D-8944-C3CE895A7898}\44162797C6 : DHCPNameServer = 24.159.64.23 24.217.201.67 66.189.0.100 TCP: Interfaces\{03626132-A460-4F6D-8944-C3CE895A7898}\7657563747D277966696 : DHCPNameServer = 10.189.200.236 10.189.200.237 TCP: Interfaces\{03626132-A460-4F6D-8944-C3CE895A7898}\D4D4723702E4564777F627B6 : DHCPNameServer = 10.0.1.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll Hosts: 198.15.104.132 www.google-analytics.com. Hosts: 198.15.104.132 ad-emea.doubleclick.net. Hosts: 198.15.104.132 www.statcounter.com. Hosts: 72.29.93.243 www.google-analytics.com. Hosts: 72.29.93.243 ad-emea.doubleclick.net. . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\6gw0c2tm.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Laura\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208] R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680] R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-20 2320920] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-20 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-11 158976] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-20 271872] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-20 347680] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-11-20 1093152] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-20 245792] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-26 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] . =============== File Associations =============== . .js: <filetype is not registered> .jse: <filetype is not registered> . =============== Created Last 30 ================ . 2013-05-03 23:25:47 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A661A486-DFB3-412D-8D30-D5AE436D220A}\mpengine.dll 2013-05-03 23:24:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-05-03 23:24:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-03 23:04:14 -------- d-----w- C:\Users\Laura\AppData\Roaming\Malwarebytes 2013-05-03 23:03:58 -------- d-----w- C:\ProgramData\Malwarebytes 2013-05-03 23:03:29 -------- d-----w- C:\Users\Laura\AppData\Local\Programs 2013-04-28 03:15:16 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-28 00:00:26 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6D4AE7CE-A8CD-4B2F-AC1D-CFC699596E6D}\gapaengine.dll 2013-04-28 00:00:10 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-27 23:42:58 -------- d-----r- C:\Users\Laura\Dropbox 2013-04-27 23:42:40 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys . ==================== Find3M ==================== . 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe 2013-03-14 23:34:03 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-14 23:34:03 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll 2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll 2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll 2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll 2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ============= FINISH: 18:48:37.96 =============== "Attach log" . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/25/2010 10:53:49 AM System Uptime: 5/3/2013 6:15:41 PM (0 hours ago) . Motherboard: Hewlett-Packard | | 1425 Processor: Intel® Pentium® CPU P6200 @ 2.13GHz | CPU | 2133/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 281 GiB total, 213.551 GiB free. D: is FIXED (NTFS) - 17 GiB total, 2.492 GiB free. E: is CDROM () F: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP453: 2/28/2013 4:45:32 PM - Windows Update RP454: 3/3/2013 6:39:17 PM - Windows Update RP455: 3/8/2013 10:09:33 PM - Windows Update RP456: 3/8/2013 11:20:11 PM - Windows Update RP457: 3/12/2013 6:38:51 PM - Windows Update RP458: 3/16/2013 9:49:24 AM - Windows Update RP459: 3/19/2013 9:26:27 PM - Windows Update RP461: 3/24/2013 2:49:37 PM - Windows Modules Installer RP462: 3/24/2013 3:13:55 PM - Windows Update RP463: 3/29/2013 4:21:09 PM - Windows Update RP464: 4/7/2013 5:00:25 PM - Windows Update RP465: 4/14/2013 8:23:11 PM - Windows Update RP466: 4/27/2013 6:36:10 PM - Windows Update RP467: 4/27/2013 7:44:20 PM - Windows Update RP468: 4/27/2013 10:14:05 PM - Removed Java 6 Update 26 RP469: 4/27/2013 10:14:55 PM - Installed Java 7 Update 21 RP470: 5/3/2013 5:03:45 PM - Windows Update . ==== Hosts File Hijack ====================== . Hosts: 198.15.104.132 www.google-analytics.com. Hosts: 198.15.104.132 ad-emea.doubleclick.net. Hosts: 198.15.104.132 www.statcounter.com. Hosts: 72.29.93.243 www.google-analytics.com. Hosts: 72.29.93.243 ad-emea.doubleclick.net. Hosts: 72.29.93.243 www.statcounter.com. . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.5.4 MUI Adobe Shockwave Player 11.5 Apple Application Support Apple Mobile Device Support Apple Software Update Bonjour BufferChm C4700 CinemaNow Media Manager Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system Coupon Printer for Windows CyberLink DVD Suite CyberLink MediaShow CyberLink PowerDVD 9 CyberLink YouCam D3DX10 Dropbox e-Sword Energy Star Digital Logo ESU for Microsoft Windows 7 Google Chrome Google Talk Plugin Hewlett-Packard ACLM.NET v1.2.1.1 HP Advisor HP Customer Experience Enhancements HP Deskjet 1050 J410 series Basic Device Software HP Deskjet 1050 J410 series Help HP Deskjet 1050 J410 series Product Improvement Study HP Documentation HP MediaSmart CinemaNow 2.0 HP Photo Creations HP Power Manager HP Product Detection HP Quick Launch HP Setup HP Software Framework HP Support Assistant HP Update HP Wireless Assistant HPPhotoGadget iCloud Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology iTunes Java 7 Update 21 Java Auto Updater Java 6 Update 20 (64-bit) Junk Mail filter update LabelPrint Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office File Validation Add-In Microsoft Office Professional Edition 2003 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime MindPoint Quiz Show MobileMe Control Panel Mozilla Firefox 18.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Network64 PDF Reader PhotoNow! Power2Go PowerDirector PS_AIO_06_C4700_SW_Min QuickTime Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader REALTEK Wireless LAN Software Recovery Manager Roxio CinemaNow 2.0 RtVOsd Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Synaptics Pointing Device Driver The Football News App Installer Theme Manager v 1.0 Toolbox Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Visual Studio 2010 x64 Redistributables WebReg Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources ZB Handwriting GR 1 . ==== Event Viewer Messages From Past Week ======== . 5/3/2013 6:18:16 PM, Error: Microsoft-Windows-WMPNSS-Service [14324] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80004002'. If possible, reinstall Windows Media Player. 5/3/2013 6:17:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================
  5. Hey all! I have recently removed a Trojen, Magnipic, from my computer. Now that I have scanned my computer and have found no corrupt files, I have noticed I am unable to open some, but not all .exe applications. Would anyone be as kind to guide me through some steps to fix this issue? Thank you very much! Dominic.
  6. Hi There I have, it seems had the codec-c virus on my computer for possibly 1 and a half to 2 years. I only discovered it last night as my computer has been behaving strangely (possibly not related to codec-c as it is recent) so I decided to check out if there were any suspicious programs that needed un-installing. So I found about 6 that were adware or spyware and deleted them, some easier than others. I was left with codec-c which Wouldnt allow me to un-install with control panel and i have tried all over the net and cannot find a straight forward solution that I feel comfortable with paying around with without having someone more experienced to talk me through it. I am afraid I may make things worse. I realised it was codec-c when I read that a common symptom is the disappearance of you 'all programs' list and inability to search in start menu. I have had this problem for almost 2 years. I found some fixes online but many were instructions to download other software and I was worried about doing that for obvious reasons. I also read that tdsskiller has completely killed somebodies computer so I didnt want to download it without advice. It is such a mine field with many different choices! Anyway in the end I found a manual fix. Step1. I was to delete the Crossfire Web Player from my program files - I couldnt find it. Step 2. I was to delete the C:\ProgramData\Codec-c files - I managed to find that and deleted that. Step 3. Something about a regedit - i know this can be fatal if you do it wrong and I have no idea what I am doing with regedit. Finally, completing Step 2 I was able to delete Codec-C from the control panel and from my google chrome add-ons but I have read that the virus will still be infecting my computer. My all programs are still the same....not there. Please, please can you help I am at my wits end and I am worried for my laptop as I actually use it for my work. My operating system is Windows 7 64bit. Look forward to any replies. thank you in advance
  7. Everytime I run malware bytes scan, I remove these two items but they show up again in the next scan. Is there a way to remove them fully from my system?? Any help would be much appreciated.
  8. Hello Folks! So my Fiancee was browsing around on Pintrest the other night, and she clicked a pin to show it in a bigger view. Then after you have the option to click the pin again and it will take you to the website associated with that pin. As soon as she clicked and her computer navigated to that website she saw a quick download flash across her screen and then it went black. When it came back on a moment later she had the FBI Moneypak Virus and she wasn't able to go into any recovery or safemode with the exception of the command prompt. Really just be careful with what you see posted and what you're clicking. If possible try and have some sort of virus protection that can scan the webpages you're about to visit and give you a heads up. -David
  9. Hello everyone, My Fiancee just recently got the FBI Moneypak virus on her laptop and it wont let her boot to anything but to windows with command prompt unless she logs into the Admin account (password unknown and is not blank). Is there anyone who can help me with this?
  10. I've never had problems with CPU usage spikes and/or the Chrome browser until this morning. While downloading the utility to download a video, I accidently downloaded a bunch of toolbars. Who knows what else also hitched a ride in the process. Immediately following the download, my CPU use spiked over 90% and continued to climb. My Chrome browser stopped responding, which is something I never have encountered. Typically Chrome with the number of tabs I keep open doesn't gobble up more than 20% of my CPU. I ran the Malwarebytes Quick Scan which flagged 2 occurrences of PUP.215. (Prior to this scan, my daily scans have been clean.) I deleted these 2 occurrences and ran the Quick Scan again. However, they were once again flagged. So I rebooted and ran Quick Scan once again. Wash, rinse, repeat. Eventually PUP.215 was no longer flagged by Quick Scan. However, when I relaunched Chrome, CPU use once again spiked to over 90% and Chrome once again became unresponsive. As I said previously, I've never had a problem with Chrome until immediately after I downloaded this video download utility. No similar problems with Firefox. --------------------- Following the instructions in the forum, I downloaded DDS and ran the utility. I also downloaded and ran RogueKiller. The logs are included below. --------------------- DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 Run by admin at 8:57:18 on 2013-04-22 Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5706.3951 [GMT -7:00] . AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files\Elantech\ETDService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhostex.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Launch Manager\LManager.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\dashost.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\notepad.exe C:\Windows\RfBtnSvc64.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://acer13.msn.com uDefault_Page_URL = hxxp://acer13.msn.com mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll uRun: [spotify Web Helper] "C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" mRun: [LManager] <no file> StartupFolder: C:\Users\admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GATEWA~1.LNK - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe TCP: NameServer = 192.168.1.254 TCP: Interfaces\{5A148809-A31E-4F10-9D59-645FE05FA557} : DHCPNameServer = 192.168.1.254 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\ FF - prefs.js: browser.search.selectedEngine - - FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff10.dll FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff4.dll FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff5.dll FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff6.dll FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff7.dll FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff8.dll FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff9.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - ExtSQL: 2013-03-24 07:30; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn FF - ExtSQL: 2013-03-29 21:33; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn FF - ExtSQL: 2013-03-30 22:11; client@anonymox.net; C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\extensions\client@anonymox.net.xpi FF - ExtSQL: 2013-04-11 08:54; putlockerdownloader3@putlockerdownloader.com; C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\extensions\putlockerdownloader3@putlockerdownloader.com.xpi FF - ExtSQL: 2013-04-22 05:25; gophoto@gophoto.it; C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\extensions\gophoto@gophoto.it.xpi . ============= SERVICES / DRIVERS =============== . R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-4 239616] R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-12-18 199008] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-9-21 348784] R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-9-21 85904] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-12-18 2457232] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-1 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-1 701512] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe [2013-4-15 144520] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-8-22 259136] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-12-18 93296] R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [2012-12-18 81536] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-9-4 98472] R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-4-12 1390680] R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\Drivers\NISx64\1403010.016\ccsetx64.sys [2013-4-15 168096] R3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-8-22 658576] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-25 138912] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-9-21 319888] R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130419.001\IDSviA64.sys [2013-4-19 513184] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-9-4 110744] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-3-1 25928] R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-12-18 26736] R3 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1403010.016\symds64.sys [2013-4-15 493656] R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1403010.016\symefa64.sys [2013-4-15 1139800] R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1403010.016\ironx64.sys [2013-4-15 224416] R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1403010.016\symnets.sys [2013-4-15 432800] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-12-18 57000] S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1403010.016\symelam.sys [2013-4-15 23448] S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [2012-8-22 468624] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-12-18 340112] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\Drivers\rtwlane.sys [2012-6-29 1119232] . =============== File Associations =============== . FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] . =============== Created Last 30 ================ . 2013-04-22 11:49:25 -------- d-----w- C:\ProgramData\Babylon 2013-04-22 11:49:24 -------- d-----w- C:\Users\admin\AppData\Roaming\Babylon 2013-04-22 11:49:20 -------- d-----w- C:\Program Files (x86)\Gophoto.it 2013-04-22 11:47:52 -------- d-----w- C:\Users\admin\AppData\Local\PutLockerDownloader 2013-04-22 11:47:43 -------- d-----w- C:\Program Files (x86)\PutLockerDownloader 2013-04-19 03:39:48 193200 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10199.bin 2013-04-18 12:21:43 -------- d-----w- C:\Users\admin\.thumbnails 2013-04-18 12:13:53 -------- d-----w- C:\Users\admin\AppData\Local\fontconfig 2013-04-18 12:13:49 -------- d-----w- C:\Users\admin\AppData\Local\gegl-0.2 2013-04-18 12:13:49 -------- d-----w- C:\Users\admin\.gimp-2.8 2013-04-18 12:09:26 -------- d-----w- C:\Program Files\GIMP 2 2013-04-16 03:35:49 -------- d-----w- C:\Program Files (x86)\Metability Software 2013-04-16 03:34:17 -------- d-----w- C:\Program Files (x86)\Microsoft Pro Photo Tools 2013-04-16 02:24:08 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\symds64.sys 2013-04-16 02:24:08 432800 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\symnets.sys 2013-04-16 02:24:08 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1403010.016\symelam.sys 2013-04-16 02:24:08 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\symefa64.sys 2013-04-16 02:24:07 796248 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\srtsp64.sys 2013-04-16 02:24:07 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\srtspx64.sys 2013-04-16 02:24:07 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\ironx64.sys 2013-04-16 02:24:07 168096 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\ccsetx64.sys 2013-04-16 02:23:41 -------- d-----w- C:\Windows\System32\drivers\NISx64\1403010.016 2013-04-15 04:57:46 -------- d-----w- C:\Windows\en 2013-04-15 04:57:17 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-04-15 04:56:43 -------- d-----w- C:\Windows\PCHEALTH 2013-04-15 04:56:08 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll 2013-04-15 04:56:08 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll 2013-04-15 04:56:08 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll 2013-04-15 04:56:08 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll 2013-04-15 04:56:06 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll 2013-04-15 04:56:04 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll 2013-04-15 04:55:29 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll 2013-04-15 04:55:29 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll 2013-04-15 04:55:20 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll 2013-04-15 04:55:20 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll 2013-04-15 04:54:25 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4bb1ac6d1ce399504\DSETUP.dll 2013-04-15 04:54:25 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4bb1ac6d1ce399504\DXSETUP.exe 2013-04-15 04:54:25 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4bb1ac6d1ce399504\dsetup32.dll 2013-04-15 04:54:21 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e5f3791ce399503\DSETUP.dll 2013-04-15 04:54:21 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e5f3791ce399503\DXSETUP.exe 2013-04-15 04:54:21 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e5f3791ce399503\dsetup32.dll 2013-04-15 04:54:11 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44045dc41ce399501\DSETUP.dll 2013-04-15 04:54:11 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44045dc41ce399501\DXSETUP.exe 2013-04-15 04:54:11 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44045dc41ce399501\dsetup32.dll 2013-04-15 04:54:05 -------- d-----w- C:\Users\admin\AppData\Local\Windows Live 2013-04-15 04:53:00 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2013-04-12 03:37:59 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll 2013-04-12 01:39:26 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll 2013-04-12 01:39:26 1011200 ----a-w- C:\Windows\System32\reseteng.dll 2013-04-12 01:38:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-12 01:38:03 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-04-12 01:38:02 2240512 ----a-w- C:\Windows\System32\wininet.dll 2013-04-11 03:47:06 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-11 02:55:57 4041728 ----a-w- C:\Windows\System32\win32k.sys 2013-04-04 04:35:06 -------- d-----w- C:\Users\admin\VirtualBox VMs 2013-04-04 04:06:43 -------- d-----w- C:\Users\admin\.VirtualBox 2013-04-04 04:03:30 237840 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys 2013-04-04 04:03:12 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys 2013-04-04 04:03:01 -------- d-----w- C:\Program Files\Oracle 2013-03-31 03:40:13 -------- d-----w- C:\bookmarkbackups firefox win8 2013-03-30 06:00:24 708168 ----a-w- C:\Windows\System32\winusbcoinstaller.dll 2013-03-30 06:00:24 1533512 ----a-w- C:\Windows\System32\wudfupdate_01007.dll 2013-03-30 06:00:06 1490656 ----a-w- C:\Windows\System32\wdfcoinstaller01007.dll 2013-03-30 05:59:39 -------- d-----w- C:\Program Files (x86)\DriverTools 2013-03-30 05:57:09 -------- d-----w- C:\Android Phone Driver 2013-03-29 04:33:44 -------- d-----w- C:\Users\admin\.android 2013-03-28 16:40:09 -------- d-----w- C:\Users\admin\AppData\Local\Eclipse 2013-03-28 16:31:10 -------- d-----w- C:\Users\admin\.eclipse 2013-03-28 16:00:35 -------- d-----w- C:\Program Files\eclipse-jee-juno-SR2-win32-x86_64 . ==================== Find3M ==================== . 2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-16 02:14:04 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys 2013-03-16 02:13:06 146704 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys 2013-03-16 02:13:04 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll 2013-03-12 22:04:59 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys 2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys 2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys 2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys 2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys 2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys 2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys 2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe 2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll 2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll 2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll 2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll 2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll 2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll 2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll 2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll 2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll 2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll 2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll 2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll 2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll 2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll 2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl 2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll 2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll 2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll 2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll 2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll 2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll 2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll 2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll 2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll 2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll 2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll 2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll 2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll 2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll 2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl 2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys 2013-03-01 09:21:18 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2013-03-01 09:21:18 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys 2013-02-27 07:11:05 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-02-27 07:11:04 963488 ----a-w- C:\Windows\System32\deployJava1.dll 2013-02-27 07:11:04 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll 2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-19 15:07:28 83688 ----a-w- C:\Windows\System32\mcupdate_AuthenticAMD.dll 2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll 2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll 2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll 2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys 2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS 2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys 2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys 2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll 2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe 2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe 2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe 2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll 2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll 2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll 2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll 2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll 2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll 2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll 2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll 2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll 2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll 2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll 2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll 2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll 2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll . ============= FINISH: 8:58:26.53 =============== --------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume2 Install Date: 2/24/2013 3:51:21 PM System Uptime: 4/22/2013 6:56:56 AM (2 hours ago) . Motherboard: Gateway | | EG70_BZ Processor: AMD E2-1800 APU with Radeon™ HD Graphics | Socket FT1 | 1700/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 681 GiB total, 611.093 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP11: 4/3/2013 8:51:30 PM - Installed Oracle VM VirtualBox 4.2.10 RP12: 4/10/2013 7:46:20 PM - Windows Update RP13: 4/14/2013 9:54:10 PM - Windows Live Essentials RP14: 4/22/2013 6:12:40 AM - Restore Point April 22, 2013 0200AM . ==== Installed Programs ====================== . Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.02) AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Quick Stream AMD VISION Engine Control Center Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Backup Manager v4 Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Conexant HD Audio CyberLink PowerDVD 10 D3DX10 Desktop Icon Position Saver (64-bit) Desktop Restore DriverTools 1.0 Dropbox eBay Worldwide ETDWare PS/2-X64 11.6.9.001_WHQL FileMind QuickFix Gateway Device Fast-lane Gateway MyBackup Gateway Power Management Gateway Recovery Management GIMP 2.8.4 Google Chrome Google Earth Plug-in Google Update Helper Graboid Video 3.58 Identity Card ImgBurn Java 7 Update 15 (64-bit) Java SE Development Kit 7 Update 15 (64-bit) Launch Manager Live Updater Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Application Error Reporting Microsoft Office Microsoft Pro Photo Tools Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 17.0.5 (x86 en-US) MSVCRT MSVCRT110 MSVCRT110_amd64 Nero 12 Essentials OEM.a01 Nero ControlCenter Nero ControlCenter Help (CHM) Nero Core Components Nero Express Nero Express Help (CHM) Nero Launcher Nero Update Norton Internet Security Notepad++ OpenOffice.org 3.4.1 Oracle VM VirtualBox 4.2.10 Photo Common Photo Gallery Prerequisite installer Qualcomm Atheros WiFi Driver Installation RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer Realtek PCIE Card Reader RealUpgrade 1.1 Spotify VLC media player 1.0.1 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== Event Viewer Messages From Past Week ======== . 4/22/2013 8:43:22 AM, Error: Service Control Manager [7031] - The Dritek RF Button Command Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service. 4/22/2013 6:55:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service. . ==== End Of File =========================== ------------------------- RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 8 (6.2.9200 ) 64 bits version Started in : Normal mode User : admin [Admin rights] Mode : Scan -- Date : 04/22/2013 08:45:18 | ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc] [RESIDUE] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 5 ¤¤¤ [TASK][sUSP PATH] Test TimeTrigger : C:\Users\admin\AppData\Local\Temp\Runner.exe C:\Users\admin\AppData\Local\Temp\DNS.exe [-] -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++ --- User --- [MBR] be04461bb648d4f25720e0895077dad1 [bSP] 931321f89af69cceb532b19386ef6065 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_04222013_02d0845.txt >> RKreport[1]_S_04222013_02d0845.txt ---------------------------------- Thank you for any help you can offer. I'm a newbie at this stuff, but am trying to learn as fast as I can.
  11. I downloaded ezvid (a video editing software) a couple of hours ago and then immediately deleted it as it was also downloading a bunch of other craps with it (conduit search engine and some other stuff), but most importantly I remember it downloading a file to my windows folder in the downloading bar, which I thought was very suspicious. Not long after that I tried to sign in to skype but it said I entered a wrong password,I then tried to open my yahoo email but it also said I entered a wrong password. I tried all my other online website and forum groups that I has password with and I can not login on any of them. Is there any way to retrieve all of my online accounts? I did a quick scan with malwarebytes but it didn't find anything. Any help is greatly appreciated! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 1.6.0_31 Run by mantik at 22:04:48 on 2013-04-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.2797 [GMT -5:00] . AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\Hpservice.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Users\mantik\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\AWS\WeatherBug\Weather.exe C:\Users\mantik\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\Windows\system32\notepad.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\notepad.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130209,17117,0,18,0 uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE \rpbrowserrecordplugin.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\mantik\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll uRun: [Google Update] "C:\Users\mantik\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\mantik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mantik\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\mantik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: NameServer = 10.1.10.1 192.168.1.1 TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165} : DHCPNameServer = 10.1.10.1 192.168.1.1 TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\2656C6B696E6E2430336 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\7756C6F66756A6A6 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\84F4354554C4F52374 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\84F6374756C602237484A7 : DHCPNameServer = 10.1.10.1 192.168.1.1 TCP: Interfaces\{48423D3D-A00B-4EA5-8A5A-E903324ED59E} : DHCPNameServer = 207.230.75.50 207.230.75.34 4.2.2.3 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\mantik\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Users\mantik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\mantik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\mantik\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll . ---- FIREFOX POLICIES ---- user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-16 55856] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-17 279616] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120210.002\IDSviA64.sys [2012-2-11 488568] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-27 89600] R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\mantik\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-2-24 107520] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-4-8 26680] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-27 13592] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-27 2375168] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-24 103472] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-27 2656280] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-3-23 77936] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200] S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2012-3-29 29808] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-5 19456] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-27 337512] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-5 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-5 30208] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-10 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-04-18 20:53:27 -------- d-----w- C:\ProgramData\AVS4YOU 2013-04-18 20:53:15 -------- d-----w- C:\Users\mantik\AppData\Roaming\AVS4YOU 2013-04-18 20:52:01 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia 2013-04-18 20:52:00 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll 2013-04-18 20:52:00 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll 2013-04-18 20:52:00 -------- d-----w- C:\Program Files (x86)\AVS4YOU 2013-04-18 20:47:43 -------- d-----w- C:\Users\mantik\AppData\Local\ezvid,_inc 2013-04-18 20:17:55 -------- d-----w- C:\Users\mantik\AppData\Local\WeatherBug 2013-04-18 20:17:52 -------- d-----w- C:\Users\mantik\AppData\Roaming\WeatherBug 2013-04-18 20:17:49 -------- d-----w- C:\Program Files (x86)\AWS 2013-04-18 20:16:24 -------- d-----w- C:\Users\mantik\AppData\Local\CRE 2013-04-16 08:16:38 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A64C3793-B60D-48CE-8423-F2B720CFE2B2}\mpengine.dll 2013-04-10 04:22:10 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-04-10 04:22:08 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 04:22:05 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2013-04-10 04:22:00 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-04-10 04:22:00 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-10 04:22:00 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-04-10 04:22:00 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-04-10 04:22:00 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-04-10 04:22:00 112640 ----a-w- C:\Windows\System32\smss.exe 2013-03-22 17:50:34 -------- d-----w- C:\Users\mantik\AppData\Local\{0D40B8E7-E4D1-4F4E-830D-CAA7D29CE358} 2013-03-20 20:16:18 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ==================== Find3M ==================== . 2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll 2013-03-19 09:24:14 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-19 09:24:14 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-12 06:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe 2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll 2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll . ============= FINISH: 22:05:58.41 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/9/2011 11:46:52 PM System Uptime: 4/18/2013 7:51:24 PM (3 hours ago) . Motherboard: Hewlett-Packard | | 1650 Processor: Intel® Core i3-2330M CPU @ 2.20GHz | CPU1 | 880/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 571 GiB total, 404.504 GiB free. D: is FIXED (NTFS) - 21 GiB total, 2.256 GiB free. E: is FIXED (FAT32) - 4 GiB total, 1.082 GiB free. F: is CDROM () G: is CDROM () H: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP145: 4/2/2013 12:38:38 PM - Windows Update RP146: 4/9/2013 4:50:26 AM - Windows Update RP147: 4/10/2013 3:00:15 AM - Windows Update RP148: 4/16/2013 3:16:01 AM - Windows Update RP149: 4/18/2013 3:17:15 PM - Installed WeatherBug . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS5.1 Adobe Photoshop Elements 9 Adobe Premiere Elements 9 Adobe Reader X (10.1.2) MUI Adobe Shockwave Player 11.5 Agatha Christie - Peril at End House Akamai NetSession Interface ALPS Touch Pad Driver Amazon MP3 Downloader 1.0.15 Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver AuthenTec TrueAPI AVS Video Editor 6 Bastion Bejeweled 3 Bing Bar BlackBerry Desktop Software 6.1 Blackhawk Striker 2 Blasterball 3 Bonjour Bounce Symphony Cake Mania Canon RAW Codec CCleaner Chronicles of Albian Chuzzle Deluxe Cradle of Rome 2 CyberLink YouCam D3DX10 DAEMON Tools Lite DecisionTools Suite Industrial 5.7.1 Edu Edition DefaultTab Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Dropbox Elements 9 Organizer Elements STI Installer ESU for Microsoft Windows 7 SP1 Evernote v. 4.2.3 Farm Frenzy FastPictureViewer Professional 1.9.261.0 (64-bit) FATE Free Opener Google Chrome Google Drive Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.1.1.0 HP 3D DriveGuard HP Client Services HP CoolSense HP Customer Experience Enhancements HP Documentation HP Games HP Launch Box HP On Screen Display HP Power Manager HP Quick Launch HP QuickWeb HP Setup HP Setup Manager HP SimplePass 2011 HP Software Framework HP Support Assistant IDT Audio Intel PROSet Wireless Intel® Control Center Intel® Identity Protection Technology 1.1.2.0 Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® WiDi Intel® Wireless Display IrfanView (remove only) iTunes Java Auto Updater Java 6 Update 24 Java 6 Update 31 Jewel Quest: The Sleepless Star - Collector's Edition Junk Mail filter update K-Lite Codec Pack 7.0.0 (Standard) Kaspersky Security Scan Magic ISO Maker v5.5 (build 0281) Mah Jong Medley Malwarebytes Anti-Malware version 1.70.0.1100 McAfee Security Scan Plus McAfee SiteAdvisor Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft IntelliPoint 8.2 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 32-bit MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 3.1 Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Microsoft_VC90_MFCLOC_x86 Microsoft_VC90_MFCLOC_x86_x64 Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Mystery of Mortlake Mansion Namco All-Stars: PAC-MAN Norton Internet Security PakkISO 0.4 PDF Settings CS5 Penguins! Plants vs. Zombies - Game of the Year Poker Superstars III Polar Bowler Polar Golfer RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek PCIE Card Reader RealUpgrade 1.1 Recovery Manager SAS 9.3 Secure Download Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition Security Update for Microsoft Visio 2010 (KB2760762) 64-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition SelectionLinks Skype Click to Call Skype™ 6.3 Slingo Supreme SmartSound Quicktracks for Premiere Elements 9.0 Spotify SpyHunter Steam Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Update Installer for WildTangent Games App Vacation Quest - The Hawaiian Islands Validity WBF DDK VIP Access SDK (1.0.1.2) Virtual Villagers 5 - New Believers WeatherBug WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip 16.0 Yahoo! Software Update Yahoo! Toolbar Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 4/18/2013 3:18:43 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1200000 milliseconds: Restart the service. 4/18/2013 3:18:41 PM, Error: Service Control Manager [7034] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s). 4/16/2013 4:52:48 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended. 4/16/2013 4:52:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} . ==== End Of File ===========================
  12. I downloaded ezvid (a video editing software) a couple of hours ago and then immediately deleted it as it was also downloading a bunch of other craps with it (conduit search engine and some other stuff), but most importantly I remember it downloading a file to my windows folder in the downloading bar, which I thought was very suspicious. Not long after that I tried to sign in to skype but it said I entered a wrong password,I then tried to open my yahoo email but it also said I entered a wrong password. I tried all my other online website and forum groups that I has password with and I can not login on any of them. Is there any way to retrieve all of my online accounts? I did a quick scan with malwarebytes but it didn't find anything. Any help is greatly appreciated!
  13. Hello, I believe I am infected with the ad.xtendmedia virus. I've tried multiple malware removal programs but nothing can find anything infected on my computer. I get little popups while browsing the internet, and am sometimes redirected to a different website than I was intending to go to. I ran dds and here are my logs: DDS.TXT DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2 Run by Kevin Ewert at 9:29:23 on 2013-04-17 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.852 [GMT -5:00] . AV: Managed Antivirus Managed Antivirus *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C} . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Advanced Monitoring Agent\winagent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\PROGRA~1\ADVANC~1\managedav\SBAMSvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\Program Files\Zune\ZuneBusEnum.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\ADVANC~1\managedav\SBAMTray.exe C:\PROGRA~1\SEARCH~2\Datamngr\DATAMN~1.EXE C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe c:\Program Files\Zune\ZuneWlanCfgSvc.exe C:\Program Files\Microsoft Works\wkswp.exe C:\Program Files\Microsoft Works\MSWorks.exe C:\Program Files\Microsoft Works\wkgdcach.exe C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.coupons.com/ uWindow Title = Powered by Charter Communications uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://search.coupons.com/ uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned> BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll uRun: [Google Update] "c:\documents and settings\kevin ewert\local settings\application data\google\update\GoogleUpdate.exe" /c uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Zune 4.0)" -"http://perspective.pearsonaccess.com/content/resources/learningresources/rd/cct_imp2.html?cct=cct/v_06_01_01" mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [EPSON Stylus Photo RX500] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [sBAMTray] "c:\progra~1\advanc~1\managedav\SBAMTray.exe" mRun: [DATAMNGR] c:\progra~1\search~2\datamngr\DATAMN~1.EXE mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: &Search - http://kl.bar.need2f...earch.html?p=KL IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/43.10/uploader2.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/15274ee98603a0a0d701/netzip/RdxIE601.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123689493343 DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://office.sonscape.org/Remote/msrdp.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c2/v20.127/qboax10.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.pogo.com/game/deluxe/zuma/popcaploader_v6.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{7BDE0E69-4C31-40F5-A51E-46FF6D034AD9} : DHCPNameServer = 192.168.1.1 Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - <orphaned> Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - Notify: AtiExtEvent - Ati2evxx.dll AppInit_DLLs= c:\progra~1\search~2\datamngr\datamngr.dll c:\progra~1\search~2\datamngr\IEBHO.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-8-8 21496] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-8-30 101624] R2 Advanced Monitoring Agent;Advanced Monitoring Agent;c:\program files\advanced monitoring agent\winagent.exe [2012-8-7 3517952] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-10 54752] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-23 418376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-9 701512] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 SBAMSvc;Managed Antivirus;c:\progra~1\advanc~1\managedav\SBAMSvc.exe [2011-10-12 2804312] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-8-8 74104] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-11 24652] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-9 22856] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-4-17 40776] S2 5874;5874;\??\c:\docume~1\kevine~1\locals~1\temp\5874.sys --> c:\docume~1\kevine~1\locals~1\temp\5874.sys [?] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-3-13 4736] S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\3.0.318\mcchsvc.exe" --> c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [?] S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-3-13 8960] S3 PortAcc;Spearit Port Access;c:\program files\laplink\pcmover\PortAcc.sys [2006-3-13 10752] . =============== File Associations =============== . ShellExec: BitDownload.exe: open=c:\documents and settings\kevin ewert\desktop\justin\bitdownload\BitDownload.exe ShellExec: QuickTimePlayer.exe: open=c:\progra~1\quickt~1\QUICKT~1.EXE "%1" . =============== Created Last 30 ================ . 2013-04-17 14:27:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-04-05 13:22:03 -------- d-----w- c:\documents and settings\kevin ewert\local settings\application data\APN 2013-04-05 13:22:01 -------- d-----w- c:\program files\Ask.com 2013-04-05 13:22:01 -------- d-----w- C:\Firefox 2013-04-05 13:22:00 -------- d-----w- c:\documents and settings\kevin ewert\local settings\application data\AskToolbar 2013-04-05 13:11:38 -------- d-----w- c:\documents and settings\all users\application data\Ask 2013-04-05 13:11:16 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-04 02:43:09 -------- d-----w- c:\documents and settings\kevin ewert\application data\ElevatedDiagnostics 2013-03-21 18:11:37 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-21 18:11:37 12928 ------w- c:\windows\system32\dllcache\usb8023.sys . ==================== Find3M ==================== . 2013-04-05 13:11:02 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-05 13:11:02 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-05 13:11:02 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-13 09:10:42 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-13 09:10:40 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec 2013-02-27 07:56:51 2067456 ------w- c:\windows\system32\mstscax.dll 2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023.sys 2013-01-31 22:51:15 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe 2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll . ============= FINISH: 9:30:43.06 =============== ATTACH.TXT . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 9/21/2006 8:36:33 PM System Uptime: 4/11/2013 3:24:16 AM (150 hours ago) . Motherboard: Dell Inc. | | 0HJ054 Processor: Intel® Pentium® D CPU 3.00GHz | Microprocessor | 2992/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 228 GiB total, 16.989 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable J: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP2398: 1/18/2013 5:19:03 AM - System Checkpoint RP2399: 1/19/2013 6:15:01 AM - System Checkpoint RP2400: 1/20/2013 3:00:19 AM - Software Distribution Service 3.0 RP2401: 1/21/2013 3:18:45 AM - System Checkpoint RP2402: 1/22/2013 4:18:46 AM - System Checkpoint RP2403: 1/23/2013 5:17:41 AM - System Checkpoint RP2404: 1/23/2013 2:14:55 PM - Removed Greeting Card Factory Express RP2405: 1/24/2013 2:55:13 PM - System Checkpoint RP2406: 1/25/2013 3:52:51 PM - System Checkpoint RP2407: 1/26/2013 4:44:06 PM - System Checkpoint RP2408: 1/27/2013 5:41:41 PM - System Checkpoint RP2409: 1/28/2013 6:38:33 PM - System Checkpoint RP2410: 1/29/2013 7:36:38 PM - System Checkpoint RP2411: 1/30/2013 8:53:59 PM - System Checkpoint RP2412: 1/31/2013 4:51:11 PM - Installed Logitech Desktop Messenger RP2413: 1/31/2013 4:51:34 PM - Installed Remote Control USB Driver RP2414: 1/31/2013 4:51:49 PM - Installed Logitech Harmony Remote Software 7 RP2415: 2/1/2013 5:32:39 PM - System Checkpoint RP2416: 2/2/2013 3:25:05 PM - Installed Microsoft Fix it 50577 RP2417: 2/2/2013 3:37:26 PM - Installed Zune 4.8 RP2418: 2/3/2013 4:00:22 PM - System Checkpoint RP2419: 2/4/2013 4:14:45 PM - System Checkpoint RP2420: 2/5/2013 4:16:03 PM - System Checkpoint RP2421: 2/6/2013 5:11:42 PM - System Checkpoint RP2422: 2/7/2013 5:31:24 PM - System Checkpoint RP2423: 2/8/2013 6:06:08 PM - System Checkpoint RP2424: 2/9/2013 6:14:56 PM - System Checkpoint RP2425: 2/10/2013 6:23:03 PM - System Checkpoint RP2426: 2/11/2013 7:21:14 PM - System Checkpoint RP2427: 2/12/2013 8:05:43 PM - System Checkpoint RP2428: 2/13/2013 8:29:08 PM - System Checkpoint RP2429: 2/14/2013 3:00:22 AM - Software Distribution Service 3.0 RP2430: 2/14/2013 8:49:44 PM - Installed Windows XP winusb0100. RP2431: 2/15/2013 8:55:55 PM - System Checkpoint RP2432: 2/16/2013 9:32:32 PM - System Checkpoint RP2433: 2/17/2013 9:54:40 PM - System Checkpoint RP2434: 2/18/2013 10:07:41 PM - System Checkpoint RP2435: 2/19/2013 10:44:15 PM - System Checkpoint RP2436: 2/20/2013 11:48:09 PM - System Checkpoint RP2437: 2/22/2013 12:36:40 AM - System Checkpoint RP2438: 2/23/2013 1:41:21 AM - System Checkpoint RP2439: 2/24/2013 2:30:21 AM - System Checkpoint RP2440: 2/25/2013 3:29:03 AM - System Checkpoint RP2441: 2/26/2013 4:24:13 AM - System Checkpoint RP2442: 2/27/2013 4:46:03 AM - System Checkpoint RP2443: 2/28/2013 5:46:04 AM - System Checkpoint RP2444: 3/1/2013 6:43:10 AM - System Checkpoint RP2445: 3/2/2013 7:44:00 AM - System Checkpoint RP2446: 3/3/2013 7:44:28 AM - System Checkpoint RP2447: 3/4/2013 9:26:21 AM - System Checkpoint RP2448: 3/5/2013 9:40:23 AM - System Checkpoint RP2449: 3/6/2013 9:48:21 AM - System Checkpoint RP2450: 3/7/2013 10:35:19 AM - System Checkpoint RP2451: 3/8/2013 11:29:45 AM - System Checkpoint RP2452: 3/9/2013 12:24:43 PM - System Checkpoint RP2453: 3/10/2013 1:27:41 PM - System Checkpoint RP2454: 3/11/2013 1:55:09 PM - System Checkpoint RP2455: 3/12/2013 2:51:08 PM - System Checkpoint RP2456: 3/13/2013 3:18:12 PM - System Checkpoint RP2457: 3/14/2013 3:00:19 AM - Software Distribution Service 3.0 RP2458: 3/15/2013 3:29:22 AM - System Checkpoint RP2459: 3/16/2013 3:36:16 AM - System Checkpoint RP2460: 3/17/2013 4:12:44 AM - System Checkpoint RP2461: 3/18/2013 5:06:24 AM - System Checkpoint RP2462: 3/19/2013 6:05:58 AM - System Checkpoint RP2463: 3/20/2013 6:08:21 AM - System Checkpoint RP2464: 3/21/2013 7:06:32 AM - System Checkpoint RP2465: 3/22/2013 3:00:21 AM - Software Distribution Service 3.0 RP2466: 3/23/2013 3:24:22 AM - System Checkpoint RP2467: 3/24/2013 3:26:17 AM - System Checkpoint RP2468: 3/25/2013 3:36:58 AM - System Checkpoint RP2469: 3/26/2013 4:36:52 AM - System Checkpoint RP2470: 3/27/2013 5:11:37 AM - System Checkpoint RP2471: 3/28/2013 6:06:49 AM - System Checkpoint RP2472: 3/29/2013 7:06:47 AM - System Checkpoint RP2473: 3/30/2013 7:12:53 AM - System Checkpoint RP2474: 3/31/2013 8:03:33 AM - System Checkpoint RP2475: 4/1/2013 8:39:43 AM - System Checkpoint RP2476: 4/2/2013 9:04:41 AM - System Checkpoint RP2477: 4/3/2013 9:07:40 AM - System Checkpoint RP2478: 4/3/2013 9:41:23 PM - Installed %1 %2. RP2479: 4/4/2013 10:03:32 PM - System Checkpoint RP2480: 4/5/2013 8:10:11 AM - Removed Java™ 7 Update 4 RP2481: 4/5/2013 8:10:54 AM - Installed Java 7 Update 15 RP2482: 4/6/2013 9:24:44 AM - System Checkpoint RP2483: 4/7/2013 10:03:35 AM - System Checkpoint RP2484: 4/8/2013 11:03:33 AM - System Checkpoint RP2485: 4/9/2013 12:03:34 PM - System Checkpoint RP2486: 4/10/2013 1:02:26 PM - System Checkpoint RP2487: 4/11/2013 3:00:20 AM - Software Distribution Service 3.0 RP2488: 4/12/2013 3:26:31 AM - System Checkpoint RP2489: 4/13/2013 3:30:48 AM - System Checkpoint RP2490: 4/14/2013 4:25:08 AM - System Checkpoint RP2491: 4/15/2013 5:25:09 AM - System Checkpoint RP2492: 4/16/2013 6:25:11 AM - System Checkpoint RP2493: 4/17/2013 6:40:02 AM - System Checkpoint . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader XI (11.0.02) Advanced Monitoring Agent AIM 6 Allok Video Converter 4.4.0609 AnswerWorks 5.0 English Runtime AOLIcon Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Software Suite Ask Toolbar Ask Toolbar Updater Asteroids ATI - Software Uninstall Utility ATI Display Driver ATI Parental Control Audacity 1.2.6 Bonjour BufferChm Build In Time BUM Cabela's Deer Hunt 2005 Season CameraDrivers Charter Browser Updater Compaq Wallpaper Conexant D850 56K V.9x DFVc Modem CopySafe Plugin Corel Photo Album 6 Coupon Printer for Windows CouponBar CreativeProjects CreativeProjectsTemplates Critical Update for Windows Media Player 11 (KB959772) Cucusoft DVD to iPod/PSP + iPod/PSP Video Converter Suite 2.8.3 Cucusoft DVD to PSP Converter 7.15 Cucusoft DVD to Zune + Zune Video Converter Suite 7.19.7.12 CueTour Dell Driver Reset Tool Dell Game Console Dell System Restore DellSupport Digital Line Detect Director DirectX Media Runtime 5.1 Download Updater (AOL LLC) EarthLink setup files ELIcon EPSON CardMonitor EPSON Copy Utility EPSON Photo Print EPSON Printer Software EPSON RX500 Reference Guide EPSON Scan EPSON Smart Panel FinePixViewer Resource FinePixViewer Ver.5.1 FUJIFILM USB Driver Garmin Communicator Plugin Garmin USB Drivers GemMaster Mystic Google Chrome Google Earth Google Pack Screensaver Google Toolbar for Internet Explorer Google Update Helper Guitar Pro 5.2 High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Format 11 SDK (KB973442) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB932716-v2) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Diagnostic Assistant HP Image Zone 4.0 HP Officejet 6500 E710n-z Basic Device Software HP Officejet 6500 E710n-z Help HP Officejet 6500 E710n-z Product Improvement Study HP Photosmart Cameras 4.0 HP Software Update HP Update HPSystemDiagnostics I.R.I.S. OCR iLivid ImageMixer VCD2 LE for FinePix InstantShare InstantShareAlert Intel® PRO Network Connections Drivers Intel® PROSet for Wired Connections InterVideo Installer IrfanView (remove only) iTunes Java 2 Runtime Environment, SE v1.4.2_03 Java 7 Update 15 Java Auto Updater JavaFX 2.1.0 Junk Mail filter update Know the Bible Toolbar Chrome Extension KODAK EASYSHARE Gallery Easy Upload, v2.1 Learn2 Player (Uninstall Only) Logitech Desktop Messenger Logitech Harmony Remote Software 7 Malwarebytes Anti-Malware version 1.75.0.1300 Managed Antivirus MCU Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 1.0 Hotfix (KB2604042) Microsoft .NET Framework 1.0 Hotfix (KB2656378) Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.0 Hotfix (KB979904) Microsoft .NET Framework 1.0 Security Update (KB2698035) Microsoft .NET Framework 1.0 Security Update (KB2742607) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Age of Empires Gold Microsoft Age of Empires II: The Conquerors Expansion Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Plus! Photo Story 2 LE Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.9 Microsoft VC9 runtime libraries Microsoft Visual Basic 2005 Express Edition - ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WinUsb 1.0 Microsoft Works 6.0 MobileMe Control Panel MONOPOLY HERE AND NOW EDITION MSN MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB954459) msxml4 Musicnotes Player V1.23.1 My Wal-Mart Digital Photo Center neroxml OpenMG Limited Patch 4.7-07-14-05-01 OpenMG Secure Module 4.7.00 OpenOffice.org 3.2 Otto Overland Palm PCmover PhotoGallery Picasa 3 PSP Video Express(remove only) Punch! Super Home Suite QFolder Quicken 2009 QuickProjects QuickTime RapidGX Media Free Trial RAW FILE CONVERTER LE Remote Control USB Driver Roll Safari Searchqu Toolbar Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 Series (KB969878) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Segoe UI Shutterfly Express Uploader Sibelius Scorch (ActiveX Only) Sierra On-Line Games (Remove only) SkinsHP1 Skype™ 5.10 Sonic Activation Module Sonic Encoders Sonic Update Manager SonicStage 4.3 Sony Noise Reduction Plug-In 2.0h Sony Picture Utility Sony Sound Forge 9.0 Sony USB Driver Sony Vegas Movie Studio 8.0 Spelling Dictionaries Support For Adobe Reader 9 SplashPhoto TD AMERITRADE StrategyDesk 3.4 TeamViewer 5 The Next Tetris Torch TrayApp Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 Viewpoint Media Player VLC media player 2.0.5 VoiceOver Kit WebFldrs XP WebReg West Point Bridge Designer 2007 Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Installer Clean Up Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Writer Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information] Windows Media Player 11 Windows Mobile Device Updater Component Windows PowerShell™ 1.0 Windows Presentation Foundation Windows XP Media Center Edition 2005 KB2502898 Windows XP Media Center Edition 2005 KB2619340 Windows XP Media Center Edition 2005 KB2628259 Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 Wondershare DVD to Zune Ripper(Build 1.1.1.0) Trial Version WordPerfect Office 12 XML Paper Specification Shared Components Pack 1.0 Yahoo! Install Manager Yahoo! Software Update Zune Zune Language Pack (CHS) Zune Language Pack (CHT) Zune Language Pack (CSY) Zune Language Pack (DAN) Zune Language Pack (DEU) Zune Language Pack (ELL) Zune Language Pack (ESP) Zune Language Pack (FIN) Zune Language Pack (FRA) Zune Language Pack (HUN) Zune Language Pack (IND) Zune Language Pack (ITA) Zune Language Pack (JPN) Zune Language Pack (KOR) Zune Language Pack (MSL) Zune Language Pack (NLD) Zune Language Pack (NOR) Zune Language Pack (PLK) Zune Language Pack (PTB) Zune Language Pack (PTG) Zune Language Pack (RUS) Zune Language Pack (SVE) . ==== Event Viewer Messages From Past Week ======== . 4/15/2013 12:38:51 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/14/2013 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402 4/14/2013 4:00:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402 4/14/2013 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402 4/14/2013 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402 4/14/2013 12:32:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402 4/14/2013 12:25:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402 4/14/2013 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402 4/14/2013 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402 4/14/2013 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402 4/14/2013 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402 4/13/2013 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402 4/13/2013 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402 4/13/2013 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402 4/13/2013 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402 4/12/2013 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402 4/12/2013 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402 4/12/2013 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402 4/12/2013 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402 4/12/2013 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402 4/12/2013 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402 4/12/2013 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402 4/12/2013 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402 4/12/2013 4:59:59 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402 4/12/2013 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402 4/12/2013 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402 4/12/2013 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402 4/12/2013 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402 4/12/2013 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402 4/12/2013 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402 4/12/2013 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402 4/11/2013 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402 4/11/2013 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402 4/11/2013 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402 4/11/2013 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402 4/11/2013 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402 4/11/2013 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402 4/11/2013 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402 4/11/2013 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402 4/11/2013 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402 4/11/2013 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402 . ==== End Of File =========================== Thanks so much in advance for you help! My computer is really struggling.
  14. hello, I know for sure that is some sort of rootkit because i just formatted the PC twice in a row, only the local disk for the windows, and i still get pop ups from MB with 'blocked acces to a potential malcious website although i am mindining my own business on youtube.(no toolbars or peer to peer soft. on my pc), i even reinstalled google chrome( unininstaling it with revo)a dozen. of rimes already.. and all i got from all the scans was zero.. dds.scr & dds.com don't work, i leave them alone for 14h and they still say 'two logs will be created on your desktop'... I have remade my account here 3 times (3rd on my iphone) cause it allways said incorrect just to make this post (on my iphone, yeah.. i am that paranoid..) i must say i have great respect for all you people out the who spend their 4 minutes helping/reading other guys topic.. i don't have much hope for this so i want to see what else i can do before i delete all my good old times pic/music/vids/games etc with a (probably useless format) of my disk aswell.. PC: windows 7 32 bit service pack 1 ram 2gb intel core 2 quad cpu Q6600 @ 2.40GHz 2.40GHz GeForce 9300 GE Packard bell thank you
  15. hello, I know for sure that it some sortof rootkit because i just formatted the PC twice ina row, only the local disk for the windows, and i still get pop ups from MB with 'blocked acces to a potential malcious website although i am mindining my own business on youtube.(no toolbars or peer to peer soft. on my pc), i even reinstalled google chrome( unininstaling it with revo)a dozen. of rimes already.. and all i got from all the scans was zero.. dds.scr & dds.com don't work, i leave them alone for 14h and they still say 'two logs will be created on your desktop'... I have remade my account here 3 times (3rd on my iphone) cause it allways said incorrect just to make this post (on my iphone, yeah.. i am that paranoid..) i must say i have great respect for all you people out the who spend their 4 minutes helping/reading other guys topic.. i don't have much hope for this so i want to see what else i can do before i delete all my good old times pic/music/vids/games etc with a (probably useless format) of my disk aswell.. PC: windows 7 32 bit service pack 1 ram 2gb intel core 2 quad cpu Q6600 @ 2.40GHz 2.40GHz GeForce 9300 GE Packard bell thank you
  16. Good morning all, I recently had someone install a number of toolbars on my computer that caused my computer to be infected by a number of viruses and PUP's (potentially unwanted programs). I have managed to eliminate most of them using a combination of Avast and MSE. Can someone please look at the attached log and see if there's anything still here I should be worried about? Lee W hijackthis.log
  17. Hi there, I seem to be experiencing problems associated with Malware that I cannot get to the bottom of. I've followed the guidelines on your thread titled 'I'm infected - What do I do now?' and have copied the text below as requested. Please help!!! DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.15.2 Run by Ian at 12:33:05 on 2013-04-09 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1051 [GMT 1:00] . AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09} FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\SLsvc.exe C:\Windows\RtkAudioService.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Sony\Marketing Tools\MarketingTools.exe C:\Program Files\CyberLink\PCM4Everio\EverioService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Windows Searchqu Toolbar\DataMngr\DataMngrUI.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Sony\Network Utility\LANUtil.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Sony\Network Utility\NSUService.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Users\Mark\AppData\Roaming\Trusteer\Rapport\app\bin\RapportService.exe C:\Windows\system32\DllHost.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Skype\Phone\Skype.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k Akamai C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = about:blank uSearch Bar = hxxp://www.google.com/ie mStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - c:\program files\windows searchqu toolbar\toolbar\SearchquDx.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\google bae\BAE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - c:\program files\windows searchqu toolbar\toolbar\SearchquDx.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe" uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" uRun: [Google Update] "c:\users\ian\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Akamai NetSession Interface] "c:\users\ian\appdata\local\akamai\netsession_win.exe" uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [showBatteryBar] "c:\program files\batterybar\ShowBatteryBar.exe" show uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe mRun: [AML] c:\program files\sony\vaio launcher\AML.exe InitApp mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe" mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe" mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini" mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [DataMngr] c:\progra~1\wi9130~1\datamngr\DataMngrUI.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [serviceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-ba7e-000000000003}\_SC_Acrobat.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab TCP: NameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{23F03013-B6E3-4481-B1A4-007AF1833B12} : DHCPNameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{920DE905-0E5C-4DCA-98A9-09D9356A7BD7} : DHCPNameServer = 192.168.1.254 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: VESWinlogon - VESWinlogon.dll AppInit_DLLs= c:\progra~1\wi9130~1\datamngr\datamngr.dll, c:\progra~1\google\google~1\goec62~1.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\users\ian\appdata\roaming\mozilla\firefox\profiles\ompr541b.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=021113&q= FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll FF - plugin: c:\users\ian\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - plugin: c:\windows\system32\NPSWF32.dll FF - ExtSQL: !HIDDEN! 2009-09-02 18:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08 ============= SERVICES / DRIVERS =============== . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-1-30 625128] R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2012-10-25 162976] R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-10-25 77192] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2012-10-25 72704] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-2-25 374704] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-20 47640] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-24 398184] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-24 682344] R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-6-2 229376] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032] R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [2008-5-16 98304] R2 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2012-10-25 82824] R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-4-21 689464] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008] R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2008-6-2 104960] R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2012-10-25 55984] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-6-2 17408] R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-1-30 482928] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-5-16 28464] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-24 21104] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752] R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-17 9344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536] S2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-5-16 411488] S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-1-30 66392] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-2 30192] S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-6-21 23096] S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-6-2 104288] S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-6-2 350048] S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-6-2 63328] S3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [2011-7-30 23608] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-8-5 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-8-5 25704] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-8-5 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-8-5 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-8-5 25704] S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2012-10-25 62688] . =============== File Associations =============== . ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1" . =============== Created Last 30 ================ . 2013-03-18 18:33:01 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys . ==================== Find3M ==================== . 2013-03-29 09:49:23 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys 2013-03-13 08:58:14 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-13 08:58:14 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-25 19:02:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-25 19:01:52 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-02-25 19:01:51 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-01-30 19:31:14 482928 ----a-w- c:\windows\system32\drivers\avckf.sys 2013-01-30 19:31:12 625128 ----a-w- c:\windows\system32\drivers\avc3.sys 2013-01-30 19:31:08 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys 2013-01-29 18:17:32 18800 ----a-w- c:\windows\system32\roboot.exe . ============= FINISH: 12:36:05.89 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 25/08/2008 19:16:42 System Uptime: 09/04/2013 08:33:56 (4 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core2 Duo CPU P8400 @ 2.26GHz | N/A | 1600/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 223 GiB total, 87.541 GiB free. D: is Removable E: is Removable F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\7&315347F&0&64B9E8613B7F_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\7&315347F&0&64B9E8613B7F_C00000000 Service: . Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318} Description: Device ID: ROOT\SYSTEM\0001 Manufacturer: Name: PNP Device ID: ROOT\SYSTEM\0001 Service: . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Activation Assistant for the 2007 Microsoft Office suites Adobe Acrobat 8 Standard - English, Français, Deutsch Adobe AIR Adobe Anchor Service CS3 Adobe Anchor Service CS4 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge CS4 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe Common File Installer Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS3 Adobe Device Central CS4 Adobe Drive CS4 Adobe Dynamiclink Support Adobe ExtendScript Toolkit 2 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash CS3 Adobe Flash CS3 Professional Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI en Adobe Flash CS4 Professional Adobe Flash CS4 STI-en Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe Linguistics CS4 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Importer Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop 6.0 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Photoshop Elements 6.0 Adobe Premiere Elements 4.0 Adobe Premiere Elements 4.0 Templates Adobe Reader X (10.1.6) Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Shockwave Player Adobe Type Support CS4 Adobe Update Manager CS3 Adobe Update Manager CS4 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Advanced Find and Replace v5.2 Akamai NetSession Interface Akamai NetSession Interface Service Alps Pointing-device for VAIO Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Magic-i Visual Effects ArcSoft WebCam Companion 2 ATI Catalyst Install Manager Atlantis - Sky Patrol (remove only) µTorrent BatteryBar (remove only) Big Fish Games Center Big Fish Games Sudoku (remove only) Bitdefender Total Security 2013 BoB Test Screensaver Bonjour Browser Address Error Redirector Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Click to Disc Click to Disc Editor Colour Spy 1.5 Compatibility Pack for the 2007 Office system Connect Creative Removable Disk Manager Creative System Information D3DX10 Digital Photo Navigator 1.5 DivX Converter DivX Setup DivX Version Checker Dolby Control Center EAX Unified (SHELL) FileZilla Client 3.6.0.2 Google Chrome Google Desktop Google Earth Google Talk (remove only) Google Toolbar for Internet Explorer Google Update Helper HDAUDIO SoftV92 Data Fax Modem with SmartCP Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel PROSet Wireless Intel® PROSet/Wireless WiFi Software Ipswitch WS_FTP 12 iTunes Java 7 Update 15 Java Auto Updater Java 6 Update 4 Java 6 Update 7 JustCamIt 2.1.0 kuler LogMeIn Macromedia Contribute 3.11 Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Fireworks 8 Macromedia Flash 8 Macromedia Flash 8 Video Encoder Mahjong Towers Eternity (remove only) Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office Access 2003 Runtime Microsoft Office File Validation Add-In Microsoft Office PowerPoint Viewer 2003 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works MobileMe Control Panel Mozilla Firefox 16.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4 Parser My Club VAIO Mystery Case Files - Prime Suspects (remove only) Napster Burn Engine OGA Notifier 2.0.0048.0 OpenMG Secure Module 5.0.00 OpenOffice.org Installer 1.0 OXPDFCreator PaperPort Image Printer PDF Settings CS4 Photoshop Camera Raw Picasa 2 Pixel Bender Toolkit PowerCinema NE for Everio PowerDirector Express PowerProducer QuickTime Rapport RealPlayer Realtek High Definition Audio Driver Rosetta Stone Version 3 Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy Media Creator 10 LJ Roxio Easy Media Creator Home ScanSoft PaperPort 11 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Segoe UI Setting Utility Series Skins Skype™ 6.1 SonicStage Mastering Studio SonicStage Mastering Studio Audio Filter SonicStage Mastering Studio Audio Filter Custom Preset SonicStage Mastering Studio Plugins Sony Video Shared Library Suite Shared Configuration CS4 TheBestSpinner3 TomTom HOME 2.7.2.1825 TomTom HOME Visual Studio Merge Modules TweetDeck Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VAIO Content Folder Setting VAIO Content Metadata Intelligent Analyzing Manager VAIO Content Metadata Manager Setting VAIO Content Metadata XML Interface Library VAIO Control Center VAIO Data Restore Tool VAIO DVD Menu Data Basic VAIO Edit Components 6.4 VAIO Entertainment Platform VAIO Event Service VAIO Guide VAIO Launcher Vaio Marketing Tools VAIO Media plus VAIO Movie Story VAIO Movie Story Template Data VAIO MusicBox VAIO MusicBox Sample Music VAIO Original Function Setting VAIO Power Management VAIO Presentation Support VAIO Smart Network VAIO Update 4 VAIO Wallpaper Contents VC80CRTRedist - 8.0.50727.4053 Virgin Media Service Manager 3.7.47 Virtual Villagers (remove only) WIDCOMM Bluetooth Software 6.1.0.2200 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Searchqu Toolbar WinDVD for VAIO WinRAR archiver Yahoo! Toolbar ZENcast Organizer . ==== End Of File ===========================
  18. Alrighty, so a few days ago when i booted my pc it crahed. I started trying to fix it and it worked (disabled some services) after that i saw my antivirusses and firewall, everything was off. Now when i wanted it to turn on it didnt work. I downloaded like 10 diff. Antivirusses including malwarebytes. They all had the same problem. After scanning with malwarebytes i finally found something, removed it and rebooted. Guesse what..... still cant turn on any antivirus! I really need help cuz i use this laptop for school. (Sorry for bad english im dutch) Ps. I have to sleep now.
  19. I saw a topic similar to my situation but did not know if it was the exact same. AOL is forcing me to make them my homepage and will not exit out unless I comply. Random advertisements pop up saying my computer is under serious threat, also. Please help I read the "I'm infected - What do I do now?" page and am attaching "DDS" and "Attach". dds.txt attach.txt
  20. I have a Dell Inspiron running windows XP. My computer was infected with the FBi moneypac virus and I tried rebooting in safe mode to repair. The virus blocks safe mode from initiating and instead displays a white screen. I am unable to access the Internet or see my desktop. I have an iPhone which allows me Internet access. Please help.
  21. This problem happens contiunally and at random. It happens when I go online, but never does it happen offline and from what I've read of other people with this problem it could likely be a virus or malware of some kind or a backdoor trojin. I was referred here by one of the experts from General Malwarebytes Anti-malware forum" someone please help me determine if I do indeed have some kind of malicious attack on my PC or if it is merely a software glitch. here are my PC's stats. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by matolis at 14:56:48 on 2013-04-01 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1361 [GMT -5:00] . AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C} FW: Lavasoft Ad-Aware *Disabled* FW: Kaspersky Internet Security *Disabled* . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Razer\razertra.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll mRun: [CTHelper] CTHELPER.EXE mRun: [updReg] c:\windows\UpdReg.EXE mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [razertra] c:\program files\razer\razertra.exe mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe" mRun: [searchProtection] c:\documents and settings\all users\application data\search protection\_run.bat mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe" mRunOnce: [Z1] cmd /c "e:\mbar\mbar.exe" /cleanup /s uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1363374798406 Notify: AtiExtEvent - Ati2evxx.dll Notify: klogon - c:\windows\system32\klogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-3-25 13560] R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 136024] R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2013-3-15 116264] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-3-15 586584] R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608] R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344] R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-2-21 1236336] R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-15 682344] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672] R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 24408] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 24920] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-3-31 35144] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-15 21104] S1 1502209drv;1502209drv;c:\windows\system32\drivers\1502209drv.sys [2013-3-20 475736] S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-3-17 99856] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2013-3-21 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2013-3-25 25832] . =============== Created Last 30 ================ . 2013-03-31 11:29:07 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-03-29 18:51:11 -------- d-----w- c:\documents and settings\all users\application data\EA Core 2013-03-29 18:51:06 -------- d-----w- c:\documents and settings\all users\application data\EA Logs 2013-03-29 18:02:42 -------- d--h--w- c:\program files\common files\EAInstaller 2013-03-29 18:02:22 -------- d-----w- c:\program files\NVIDIA Corporation 2013-03-29 15:37:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2013-03-29 09:43:44 -------- d-----w- c:\program files\Origin Games 2013-03-29 09:43:43 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Origin 2013-03-29 09:43:42 -------- d-----w- c:\documents and settings\matolis\application data\Origin 2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Origin 2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts 2013-03-29 09:43:09 -------- d-----w- c:\program files\Origin 2013-03-29 07:52:46 -------- d-----w- c:\program files\MSXML 4.0 2013-03-29 07:38:01 -------- d-----w- c:\program files\Microsoft Games 2013-03-29 07:02:44 -------- d-----w- C:\Games 2013-03-29 06:43:03 -------- d-----w- c:\documents and settings\all users\application data\BioWare 2013-03-29 06:01:18 -------- d-----w- c:\program files\Mass Effect 2 2013-03-25 17:33:52 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP 2013-03-25 17:00:28 -------- d-----w- c:\program files\Dragon Age 2013-03-25 15:12:26 -------- d-----w- c:\program files\common files\BioWare 2013-03-25 14:54:24 -------- d-----w- c:\program files\Mass Effect 2013-03-25 07:47:23 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus 2013-03-25 07:47:22 -------- d-----w- c:\documents and settings\matolis\application data\LavasoftStatistics 2013-03-25 07:42:35 -------- d-----w- c:\program files\Ad-Aware Antivirus 2013-03-25 07:41:55 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations 2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\matolis\local settings\application data\adawarebp 2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\all users\application data\Search Protection 2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars 2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\adawaretb 2013-03-25 07:41:43 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection 2013-03-25 07:41:06 -------- d-----w- c:\program files\Toolbar Cleaner 2013-03-25 07:40:59 -------- d-----w- c:\documents and settings\matolis\application data\SecureSearch 2013-03-25 07:40:54 -------- d-----w- c:\program files\adawaretb 2013-03-25 07:40:54 -------- d-----w- c:\documents and settings\matolis\application data\adawaretb 2013-03-25 07:39:30 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-03-25 07:39:29 44424 ----a-w- c:\windows\system32\sbbd.exe 2013-03-25 07:39:19 -------- d-----w- c:\documents and settings\matolis\application data\Ad-Aware Antivirus 2013-03-21 19:31:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard 2013-03-21 17:10:20 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Adobe 2013-03-21 17:03:24 -------- d-----w- c:\documents and settings\matolis\local settings\application data\WMTools Downloaded Files 2013-03-21 16:51:45 57344 ----a-w- c:\windows\system32\razer.cpl 2013-03-21 16:51:45 38904 ----a-w- c:\windows\system32\drivers\razerusb.sys 2013-03-21 16:39:11 102400 ----a-w- c:\windows\system32\cttele32.dll 2013-03-21 16:39:03 -------- d-----w- c:\program files\OpenAL 2013-03-21 16:35:39 22691984 ----a-w- c:\windows\system32\AppSetup.exe 2013-03-21 16:32:07 -------- d-----w- c:\program files\common files\Creative Labs Shared 2013-03-21 07:23:19 -------- d--h--w- c:\windows\PIF 2013-03-21 03:43:37 475736 ----a-w- c:\windows\system32\drivers\1502209drv.sys 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2013-03-21 02:16:48 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple 2013-03-21 02:16:13 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple Computer 2013-03-21 02:05:38 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-21 02:05:38 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-19 10:05:59 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2013-03-19 10:04:19 -------- d--h--w- c:\windows\msdownld.tmp 2013-03-19 10:04:04 -------- d-----w- c:\windows\Logs 2013-03-19 08:21:36 -------- d-----w- c:\windows\pss 2013-03-17 17:37:57 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ATI 2013-03-17 17:35:23 99856 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys 2013-03-17 17:33:27 -------- d-----w- C:\AMD 2013-03-17 16:48:05 -------- d-----w- c:\program files\CCleaner 2013-03-17 04:50:42 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2013-03-17 04:47:46 -------- d-----w- C:\USBVaccine 2013-03-16 22:19:12 -------- d-----w- c:\program files\Windows Media Connect 2 2013-03-16 22:17:59 -------- d-----w- c:\windows\system32\LogFiles 2013-03-16 03:55:05 -------- d-----w- c:\windows\system32\XPSViewer 2013-03-16 03:54:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2013-03-16 03:54:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2013-03-16 03:54:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2013-03-16 03:54:39 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2013-03-16 03:54:39 575488 ------w- c:\windows\system32\xpsshhdr.dll 2013-03-16 03:54:39 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2013-03-16 03:54:39 1676288 ------w- c:\windows\system32\xpssvcs.dll 2013-03-16 03:54:39 117760 ------w- c:\windows\system32\prntvpt.dll 2013-03-16 03:54:38 -------- d-----w- C:\70a2473e871645d7e4 2013-03-15 21:13:51 -------- d-sh--w- c:\documents and settings\matolis\PrivacIE 2013-03-15 21:13:50 -------- d-sh--w- c:\documents and settings\matolis\IECompatCache 2013-03-15 21:05:26 -------- d-sh--w- c:\documents and settings\matolis\IETldCache 2013-03-15 19:48:31 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2013-03-15 19:48:02 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2013-03-15 19:47:43 -------- d-----w- c:\windows\ie8updates 2013-03-15 19:47:37 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2013-03-15 19:47:37 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2013-03-15 19:47:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2013-03-15 19:47:37 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2013-03-15 19:47:37 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll 2013-03-15 19:47:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2013-03-15 19:47:37 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll 2013-03-15 19:46:34 -------- dc-h--w- c:\windows\ie8 2013-03-15 19:30:52 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-15 19:27:34 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2013-03-15 19:27:34 3072 ------w- c:\windows\system32\iacenc.dll 2013-03-15 19:25:54 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2013-03-15 19:18:13 2193024 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2013-03-15 19:18:13 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2013-03-15 19:18:12 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2013-03-15 19:18:04 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2013-03-15 19:17:18 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2013-03-15 19:17:18 272128 ------w- c:\windows\system32\drivers\bthport.sys 2013-03-15 19:15:53 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2013-03-15 19:15:53 -------- d-----w- c:\windows\system32\PreInstall 2013-03-15 19:15:52 -------- d--h--w- c:\windows\$hf_mig$ 2013-03-15 19:13:14 -------- d-sh--w- c:\documents and settings\matolis\UserData 2013-03-15 19:04:53 -------- d-----w- c:\windows\system32\SoftwareDistribution 2013-03-15 17:20:11 -------- d-----w- c:\documents and settings\matolis\application data\Malwarebytes 2013-03-15 17:19:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2013-03-15 17:19:56 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-15 17:19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-03-15 17:05:28 -------- d-----w- c:\program files\Kaspersky Lab 2013-03-15 17:05:28 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab 2013-03-15 17:05:22 74072 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-03-15 16:54:46 7062 ----a-w- c:\windows\system32\audiopid.vxd 2013-03-15 16:54:35 647872 ------w- c:\windows\system32\Mscomct2.ocx 2013-03-15 16:54:35 41984 ------w- c:\windows\Ctregrun.exe 2013-03-15 16:54:22 90112 ------w- c:\windows\Updreg.EXE 2013-03-15 16:53:52 445016 ----a-w- c:\windows\system32\wrap_oal.dll 2013-03-15 16:53:52 109144 ----a-w- c:\windows\system32\OpenAL32.dll 2013-03-15 16:53:20 10240 ----a-w- c:\windows\CTDCRES.DLL 2013-03-15 16:53:20 -------- d-----w- c:\windows\system32\Data 2013-03-15 16:52:41 -------- d-----w- c:\program files\Creative 2013-03-15 14:25:00 -------- d-sh--r- C:\acroldr 2013-03-15 10:18:57 -------- d--h--w- c:\windows\system32\GroupPolicy 2013-03-15 09:19:52 0 ----a-w- c:\windows\ativpsrm.bin 2013-03-15 09:12:59 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll 2013-03-15 09:12:59 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll 2013-03-15 09:12:59 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll 2013-03-15 09:12:59 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll 2013-03-15 09:12:59 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll 2013-03-15 09:03:45 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ApplicationHistory 2013-03-15 09:02:50 -------- d-----w- c:\windows\system32\URTTemp 2013-03-15 08:55:46 19240 ----a-r- c:\windows\system32\drivers\SiWinAcc.sys 2013-03-15 08:55:46 118824 ----a-r- c:\windows\system32\SilSupp.dll 2013-03-15 08:55:46 116264 ----a-r- c:\windows\system32\drivers\SI3112r.sys 2013-03-15 08:35:32 117248 ----a-r- c:\windows\system32\drivers\viamraid.sys 2013-03-15 08:18:56 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS 2013-03-15 08:18:52 -------- d-----w- c:\windows\system32\ReinstallBackups 2013-03-15 08:18:29 306688 ----a-w- c:\windows\IsUninst.exe 2013-03-15 08:18:21 -------- d-----w- c:\documents and settings\matolis\WINDOWS 2013-03-15 08:15:05 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS . ==================== Find3M ==================== . 2013-03-15 16:35:09 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-03-15 16:35:08 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys 2013-03-15 16:35:08 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-06 10:48:44 81920 ------w- c:\windows\system32\ieencode.dll 2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll 2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll 2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec 2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll . ============= FINISH: 14:57:41.96 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/15/2013 2:16:14 AM System Uptime: 4/1/2013 2:20:07 PM (0 hours ago) . Motherboard: ASUSTeK Computer Inc. | | K8V Processor: AMD Athlon 64 Processor 3200+ | Socket 754 | 2002/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 932 GiB total, 842.072 GiB free. D: is CDROM () E: is FIXED (NTFS) - 75 GiB total, 73.977 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318} Description: AMD High Definition Audio Device Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2D021E0F&0&0001 Manufacturer: Advanced Micro Devices Name: AMD High Definition Audio Device PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2D021E0F&0&0001 Service: AtiHDAudioService . Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318} Description: VIA RAID Controller - 3149 Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78 Manufacturer: VIA Technologies, Inc. Name: VIA RAID Controller - 3149 PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78 Service: viamraid . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Ad-Aware Antivirus Ad-Aware Security Add-on Adobe Flash Player 11 ActiveX Adobe Reader XI (11.0.02) AMD Catalyst Install Manager Apple Application Support Apple Software Update Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Creative Audio Control Panel Creative Console Launcher Creative Software AutoUpdate Creative System Information Creative WaveStudio 7 DARK VOID Dragon Age: Origins Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Kaspersky Internet Security 2013 Malwarebytes Anti-Malware version 1.70.0.1100 Mass Effect Mass Effect 2 Mass Effect™ 3 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Flight Simulator X Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK NVIDIA PhysX OpenAL Origin QuickTime Razer redist Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB923789) Sound Blaster X-Fi Two Worlds Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB2632503) WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 . ==== Event Viewer Messages From Past Week ======== . 4/1/2013 2:20:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx 4/1/2013 2:17:59 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied. 3/31/2013 9:30:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Ad-Aware service to connect. 3/31/2013 9:30:59 AM, error: Service Control Manager [7000] - The Ad-Aware service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/31/2013 9:30:54 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service SBAMSvc with arguments "" in order to run the server: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43} 3/25/2013 8:13:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect. 3/25/2013 8:13:41 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/25/2013 6:35:13 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect. 3/25/2013 6:35:13 AM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/25/2013 12:56:20 PM, error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database. . ==== End Of File ===========================
  22. Computer is deathly slow online (sometimes). Spent several months online, then reconnected with Norton via Comcast. Getting worse and worse, requiring daily reboots. 7 year old computer, P4 3.0, 3 GB RAM, 128 MB video. I know it needs upgrades but can I save this or is it just time to get a new computer? Hijackthis below: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:09:04 AM, on 3/29/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Thomson Financial\Thomson ONE\Softdist\TF Update.exe C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Common Files\Teleca Shared\logger.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Documents and Settings\Jared\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\CCleaner\ccleaner.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R3 - URLSearchHook: (no name) - {657E195F-066D-435C-92DB-7C261E6FE832} - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Download Energy - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll O2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Documents and Settings\All Users\Application Data\White Sky, Inc\ID Vault\IEBHO1.13.111.1\NativeBHO.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file) O3 - Toolbar: (no name) - !{ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [instaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe O4 - HKLM\..\Policies\Explorer\Run: [RClO1i7eA1] C:\Documents and Settings\All Users\Application Data\apsbudit\yzcfgdwp.exe O4 - HKCU\..\Policies\Explorer\Run: [RClO1i7eA1] C:\Documents and Settings\All Users\Application Data\apsbudit\yzcfgdwp.exe O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Morpheus Music\RazaWebHook.dll/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab O16 - DPF: {61F38134-94CB-491C-AECA-37B387E73C23} (IWebVisualsInstallObj Class) - https://sgirydex.on.webvisuals.net/confmgr/mount/34898/branding/installs/ICWMInstall.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358914122619 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343197078609 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://fugentbe.webex.com/client/T26L10NSP49EP4/webex/ieatgpc.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://site02.remoteoffice.citigroup.com/dana-cached/sc/JuniperSetupClient.cab O18 - Filter hijack: text/html - {c6377324-6c3c-45f5-b992-a1e2eabce0ae} - (no file) O20 - AppInit_DLLs: C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: TF Update - - C:\Program Files\Thomson Financial\Thomson ONE\Softdist\TF Update.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 12905 bytes
  23. hi, i'm a newbie and am not a computer savvy. last night while using my laptop, i found out that since March 24th, my Avira antivirus automatically update has failed to update and till now wont do the automatic update. since i just got a BSoD on the same day, i thought maybe because i was did the system Recovery. so then i did the update manually and for safety, i ran it. It came back with 2 virus, which i really forgot the name since i just clicked remove. Then i ran Malwarebytes and found 2 trojan/virus: Trojan.Ransom and PUM.UserWLoad. I removed right away. after restarted my computer, i ran HitmanPro and Malwarebytes again. HitmanPro came back clean, but in Malwarebytes, those 2 were back again. i removed and restart my computer and scanned it again, and both Trojan.Ransom and PUM.UserWLoad keep coming back. i have done it for 3 times. i've done the steps mentioned here : http://www.techspot.com/vb/topic58138.html. and i have uninstall Avira (since it still failed to automatically update) and instal Avast. here are the result : Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.29.01 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 maria :: MARIA-PC [administrator] 3/29/2013 12:20:07 PM mbam-log-2013-03-29 (12-20-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 191348 Time elapsed: 4 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\maria\LOCALS~1\Temp\msoufzi.bat -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\maria\LOCALS~1\Temp\msoufzi.bat -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) I ran RogueKiller, here's the result : RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 32 bits version Started in : Normal mode User : maria [Admin rights] Mode : Scan -- Date : 03/29/2013 12:28:55 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 12 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Insomnia Live (C:\Users\maria\qzcxotl.exe) [x] -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : QzcxOTlGRkZFNjg4RjVGQ0 (C:\ProgramData\kmmmoanh.exe) [x] -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Run : Insomnia Live (C:\Users\maria\qzcxotl.exe) [x] -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Run : QzcxOTlGRkZFNjg4RjVGQ0 (C:\ProgramData\kmmmoanh.exe) [x] -> FOUND [sHELL][sUSP PATH] HKCU\[...]\Windows : Load (C:\Users\maria\Local Settings\Temp\msoufzi.bat) [x] -> FOUND [sHELL][sUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Windows : Load (C:\Users\maria\Local Settings\Temp\msoufzi.bat) [x] -> FOUND [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE} : NameServer (202.134.0.155,208.67.222.222) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE} : NameServer (202.134.0.155,208.67.222.222) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9250315AS ATA Device +++++ --- User --- [MBR] 428f8d519c5427dc22265cec51d1a069 [bSP] c8496c40e90cbc7dfd19b1c9015414c6 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 49900 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102402048 | Size: 188472 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_03292013_02d1228.txt >> RKreport[1]_S_03292013_02d1228.txt Please help me. and pardon me for my poor English. dds.txt attach.txt
  24. My pc is running very slow and the cpu usage is at 100% a lot of the time. I ran malwarebytes and there were a few issues listed. Thanks for any help! dds.txt attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.