
Showing results for tags 'malware'.


  1. Hi, I have spent many hours trying to fix my Toshiba running Windows 7. I had a virus I was able to remove using Malwarebytes and HouseCall. Since then I have had a lot of problems with Windows running correctly, including Windows Update giving me different errors. I have figured out that I don't have BITS installed in Service.msc and any effort on my part to install it has failed. I welcome any help to get my computer back to normal. Thanks,
  2. Hi - I would appreciate some help with a problem I am having. After performing a search with Google, when I click on one of the results I am redirected to another site, which my antivirus program fortunately blocks. This doesn't happen on the 1st search I run after opening Internet Explorer - only on subsequent searches. I have updated and run Malwarebytes Anti-Malware but no malicious processes are detected. My antivirus program does not detect anything either. Is there anything else I can do to fix this? - thanks - Matt
  3. many things have happened to my computer since I did a clean install. *was unable to delete a partition(my D drive had a partition I wanted to delete because I had WD Acronis installed and had transferred my partition to my (current) c drive. *malwarebytes anti-malware would not let me enable "website blocking" and would inadvertantly turn off when I was able to enable it. *Kaspersky wouldn't update after I ran windows update(I always update it and run a virus scan before rebooting to scan new updates for viruses/imalware) *Malwarebytes anti-malware refused to load after windows update and installing internet explorer 8 *when I rebooted after installing internet explorer 8, windows hung on my desktop with no icons and and a message on the left top corner of the screen said "loading personal settings" when I haven't set up internet explorer. the only user on my PC is me and no one else! computer is slow to on start up and Kaspersky takes 2 or more minutes to load into task bar. *Malwarebytes anti-malware is slow to start when I want to open it to do a manual scan *computer generally slow, internet explorer 8 slow to open, takes nearly a minute for browser to pop up. *windows update site slow to load. Sorry! First time on this forum, I misinterpeted the instructions, only human. I'll post the dds and attach.txt here: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by matolis at 11:28:13 on 2013-03-08 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1398 [GMT -6:00] . AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *Enabled* . ============== Running Processes ================ . 
  4. malwarebytes anti-malware successfully blocked access to a potentially malicious website: 89.28.24.188 Type: outgoing
  5. I have a laptop running Windows 7 32-bit on which I recently opened up a flash drive. The folders in it were changed to shortcuts. I tried scanning the flash drive with many antivirus scanners and anti-malware scanners. All returned results with no infections. Yesterday I noticed that multiple icons for Windows Update center keep popping up in the notification tray. However, when I hover the cursor over it, it automatically disappears. I also noticed when I open up the install shields for Malwarebytes and Avast antivirus, it automatically closes. I have observed the same when opening msconfig. I have read the instructions provided in the sub forum and downloaded dds files. When I tried to run them and generate reports the window automatically disappears like the ones I mentioned above. Please provide assistance as immediately as possible. Thanks.
  6. I have a laptop running Windows 7 32-bit on which I recently opened up a flash drive. The folders in it were changed to shortcuts. I tried scanning the flash drive with many antivirus scanners and anti-malware scanners. All returned results with no infections. Yesterday I noticed that multiple icons for Windows Update center keep popping up in the notification tray. However, when I hover the cursor over it, it automatically disappears. I also noticed when I open up the install shields for Malwarebytes and Avast antivirus, it automatically closes. I have observed the same when opening msconfig. Please provide assistance as immediately as possible.
  7. Hello, I was downloading software for my animation program and got a download starting from bandoo "livid". I stopped it but my computer restarted, took a long time and was quite slow to do so, but before it did complete start up I received a message that my disc had errors and needed to be checked. After this was finished, I ran Malwarebytes Pro and tightened all my settings. Now only in Chrome does www.searchnu.com/406 show up but is blocked by Malwarebytes. But it tells me this is probably still on the computer somewhere and I'd like to eradicate it wherever it is. I did notice when the disc was being checked my Avast setup files were being deleted but didn't see anything else out of the ordinary. My Avast still runs fine but I may uninstall and reinstall to be certain it wasn't changed in any way. I just noticed my wifi technology network adapter is gone, which I can probably remedy. I can post a log if necessary to get to the bottom of this dastardly software. In the meantime I will keep looking as well. Thanks in advance, Cynthia
FF - ProfilePath - C:\Users\lapfarm\AppData\Roaming\Mozilla\Firefox\Profiles\9dq1rpor.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-amonetizetest1-chromesbox-en-us&tb_uuid=20120916002626681&tb_oid=10-10-1010&tb_mrud=10-10-1010 FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=563&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=1124393526524842&o=APN10645&q= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll FF - plugin: C:\Users\lapfarm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Users\lapfarm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\lapfarm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\lapfarm\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\lapfarm\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: 
C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-01-14 07:19; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - ExtSQL: 2013-02-18 15:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\lapfarm\AppData\Roaming\Mozilla\Firefox\Profiles\9dq1rpor.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: browser.sessionstore.resume_from_crash - false user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); ============= SERVICES / DRIVERS =============== . R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-3-8 25960] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-29 53488] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-7-18 21616] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-8 98208] R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-12-25 100864] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-18 13336] R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-7-14 33712] R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-7-14 828072] R2 lxdc_device;lxdc_device;C:\Windows\System32\lxdccoms.exe -service --> C:\Windows\System32\lxdccoms.exe -service [?] 
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-18 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-29 682344] R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-18 2533400] R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-3-8 27760] R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\System32\drivers\AVer7231_x64.sys [2012-3-8 1799808] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-3-8 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-3-8 158976] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-8 287232] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-29 24176] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2012-3-8 7689216] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-3-8 83080] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-3-8 184968] R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2012-3-8 29288] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-8 344680] R3 wdkmd;Intel WiDi 
KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdcserv.exe [2007-5-25 34224] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-12-22 1431888] S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-3-8 172632] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-19 59392] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-20 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] . =============== File Associations =============== . ShellExec: PortraitProfessional.exe: open="C:\Program Files (x86)\Portrait Professional Studio 9\PortraitProfessionalStudio.exe" /P "%1" . =============== Created Last 30 ================ . 
2013-03-05 19:57:01 -------- d-s---w- C:\Windows\SysWow64\Microsoft 2013-03-05 08:46:41 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DC90B38-3910-4DA6-93AE-BB94D14DA509}\mpengine.dll 2013-03-04 02:08:43 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-03-03 06:41:37 -------- d-sh--w- C:\found.000 2013-03-03 06:29:02 -------- d-----w- C:\Users\lapfarm\AppData\Local\iLivid 2013-03-02 03:48:07 -------- d--h--w- C:\ProgramData\Common Files 2013-03-02 03:47:49 -------- d-----w- C:\Program Files (x86)\GRETECH 2013-03-01 23:03:01 -------- d-----w- C:\Users\lapfarm\AppData\Roaming\inData 2013-03-01 22:46:54 -------- d-----w- C:\ProgramData\inData 2013-03-01 19:39:14 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2013-03-01 19:39:00 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-03-01 19:38:51 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-03-01 19:38:43 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2013-02-28 15:43:38 -------- d-----w- C:\Users\lapfarm\AppData\Roaming\Lexmark Productivity Studio 2013-02-28 15:43:12 -------- d-----w- C:\Program Files\Lx_cats 2013-02-28 15:43:02 -------- d-----w- C:\logs 2013-02-28 15:43:00 125952 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxdcdrpp.dll 2013-02-28 15:40:26 -------- d-----w- C:\lexmark 2013-02-28 13:47:06 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-24 23:08:07 -------- d-----w- C:\Program Files\iPod 2013-02-24 23:08:06 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-02-24 23:08:06 -------- d-----w- C:\Program Files\iTunes 2013-02-24 23:08:06 -------- d-----w- C:\Program Files (x86)\iTunes 2013-02-24 03:48:18 -------- d-----w- C:\Users\lapfarm\AppData\Local\Opera 2013-02-21 21:24:29 
60864 ----a-w- C:\Users\lapfarm\g2mdlhlpx.exe 2013-02-19 06:21:09 -------- d-----w- C:\Users\lapfarm\AppData\Roaming\Jitsi 2013-02-19 06:20:55 -------- d-----w- C:\Program Files\Jitsi 2013-02-16 21:26:47 -------- d-----w- C:\Windows\Noslip 2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-02-13 09:02:15 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 09:02:14 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 07:33:06 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-13 07:33:01 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-13 07:32:59 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-13 07:32:55 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-02-13 07:32:51 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-02-13 07:32:50 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-13 07:32:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-13 07:32:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-13 07:32:50 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-13 07:32:49 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-13 07:32:44 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-02-13 07:32:43 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-02-08 20:18:06 -------- d-----w- C:\Users\lapfarm\AppData\Local\Programs 2013-02-08 02:40:19 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll 2013-02-08 02:20:39 -------- d-----w- C:\Users\lapfarm\AppData\Roaming\Creative Home . ==================== Find3M ==================== . 
2013-03-04 02:08:31 963488 ----a-w- C:\Windows\System32\deployJava1.dll 2013-03-04 02:08:31 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-02-28 13:46:51 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-02-28 13:46:50 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-27 02:06:21 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-27 02:06:21 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- 
C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll 2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll 2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll 2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll 
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll 2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll 2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-13 17:49:42 450136 ----a-w- 
C:\Windows\System32\drivers\vsdatant.sys 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs . ============= FINISH: 20:44:43.83 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 7/18/2012 4:59:08 PM System Uptime: 3/5/2013 2:31:40 PM (6 hours ago) . Motherboard: Dell Inc. | | 00CKNG Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz | U2E1 | 1173/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 583 GiB total, 439.447 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP99: 2/28/2013 3:00:13 AM - Windows Update RP100: 2/28/2013 7:46:15 AM - Installed Java 7 Update 15 RP101: 3/1/2013 4:47:09 PM - Installed DepoView 5.2. RP102: 3/1/2013 5:01:03 PM - Installed DepoView 5.2. RP103: 3/1/2013 5:07:38 PM - Installed Bridge RP104: 3/2/2013 6:47:20 AM - Removed Bridge RP105: 3/2/2013 6:48:04 AM - Removed DepoView 5.2. RP106: 3/3/2013 12:16:00 AM - Removed Ulead GIF Animator RP107: 3/3/2013 8:07:51 PM - Installed Java 7 Update 15 (64-bit) RP108: 3/5/2013 2:46:16 AM - Windows Update RP109: 3/5/2013 10:59:16 AM - Installed Jitsi RP110: 3/5/2013 1:58:03 PM - avast! Free Antivirus Setup RP111: 3/5/2013 2:09:12 PM - avast! Free Antivirus Setup RP112: 3/5/2013 2:30:10 PM - avast! Free Antivirus Setup . ==== Installed Programs ====================== . Moyea Free Flash Downloader version 1.3.0.0 Moyea SWF4Tube Converter version 4.0.0.0 3DVista Show 3.0 AccelerometerP11 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 6.0 Adobe Reader X (10.1.6) Any Video Converter 3.5.8 Any Video Converter 5 5.0.3 Apple Application Support Apple Mobile Device Support Apple Software Update Autodesk 3ds Max 2012 64-bit - English Autodesk Backburner 2012.0.0 Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit Autodesk Material Library 2012 Autodesk Material Library Base Resolution Image Library 2012 Autodesk Material Library Medium Resolution Image Library 2012 AVerMedia H339 Hybrid TV Tuner 2.2.64.64 Bonjour CCleaner Composite 2012 64-bit Coupon Printer for Windows D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Driver Download Manager Dell Edoc Viewer Freemake Video Converter version 3.2.1 Google Talk (remove only) Google Talk Plugin GoToMeeting 5.4.0.1082 Hallmark Card Studio 2007 Deluxe iCloud Intel PROSet Wireless Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® 
Turbo Boost Technology Monitor Intel® Wireless Display iTunes Java 7 Update 15 Java 7 Update 15 (64-bit) Java Auto Updater JavaFX 2.1.1 Jitsi JMicron Flash Media Controller Driver Lexmark 1300 Series Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Corporation Microsoft LifeCam Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Movie Maker Mozilla Firefox 19.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 
(KB973688) Nature Illusion Studio Ning Network Archiver NVIDIA 3D Vision Driver 266.39 NVIDIA Control Panel 266.39 NVIDIA Graphics Driver 266.39 NVIDIA Install Application NVIDIA Optimus 1.0.11 NVIDIA Stereoscopic 3D Driver NVIDIA Update Components Opera 12.14 Pano2VR - Garden Gnome Software Photo Common Photo Gallery Photo! Editor 1.1 PhotoSuite 7 Platinum Portrait Professional Studio 9.8 Quickset64 QuickTime Realtek High Definition Audio Driver Roxio PhotoShow Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit 
Edition Synaptics Pointing Device Driver Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Win DVD Maker 3.5 Windows 7 USB/DVD Download Tool Windows DVD Maker 3.1 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin Windows Movie Maker 2.6 WMV.WMA.MP3 Converter 1.2 Yahoo! Messenger Yahoo! Software Update ZoneAlarm Firewall ZoneAlarm Free Firewall ZoneAlarm LTD Toolbar ZoneAlarm Security . ==== Event Viewer Messages From Past Week ======== . 
3/5/2013 2:33:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DVDVRRdr_xp UDFReadr 3/5/2013 2:32:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdcCATSCustConnectService service to connect. 3/5/2013 2:32:23 PM, Error: Service Control Manager [7000] - The lxdcCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/5/2013 2:31:46 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\UDFReadr.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 3/5/2013 2:31:46 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\DVDVRRdr_xp.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 3/5/2013 2:25:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IswSvc service. 3/5/2013 10:39:17 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87 3/5/2013 10:12:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect. 3/5/2013 10:12:31 AM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/5/2013 1:09:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 
3/3/2013 12:34:59 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 3/3/2013 11:02:48 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer ABUNDANT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D2F11C76-90A4-4EF9-A8BF-496F8F28AFB3}. The master browser is stopping or an election is being forced. 3/3/2013 1:53:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect. 3/3/2013 1:53:57 AM, Error: Service Control Manager [7000] - The Freemake Improver service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/28/2013 9:42:30 AM, Error: Service Control Manager [7030] - The lxdc_device service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 2/28/2013 3:19:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 2/28/2013 3:19:12 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/27/2013 10:36:13 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 2/27/2013 10:36:13 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. . ==== End Of File ===========================
  8. Hello. Recently, whenever I log into my account on my computer, I receive a system error saying "Could not load C:\Users\Jonah\AppData\Local\ATI\APPS\dhzixr.dll". I researched this, and figured out that dhzixr.dll is a malicious file, and most likely Malwarebytes went ahead and deleted it during the scan. However, the malware that I seem to have been infected with must have added the dll to my registry right after Malwarebytes got to it. In my ATI folder, I do not have an APPS folder. I was almost thinking of creating a new folder, and creating an empty file called dhzixr.dll to stop the warning prompt on each log in, but I wanted to solve the problem, not cover it up. My computer is Win7, it's a shared computer and this warning does not happen on anyone else's account on this computer. So, I'm here to ask you guys what is the smartest thing to do? Remove the dll from my registry (never used regedit.exe, I would need help with this)? Do a special type of scan? Spam some other forum with my problems? Any help would be appreciated. If you need any more information and/or specs I would be happy to supply them. Thank you and have a nice day.
  9. MBAM (pro) found hijack.homepage and I removed it a couple of times but it is still coming back, I also tried to manually delete the registry key but the access was denied. I copied the DDS, attach and hijackthis files. Help would be appreciated.
C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs . ============= FINISH: 14:38:01,52 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 19-2-2010 7:50:42 System Uptime: 3-3-2013 13:47:32 (1 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core2 Duo CPU P8700 @ 2.53GHz | N/A | 785/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 458 GiB total, 372,069 GiB free. E: is Removable F: is CDROM () G: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP682: 3-3-2013 13:30:03 - jwz RP683: 3-3-2013 14:17:40 - Installed HiJackThis . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Flash Player 10 ActiveX 64-bit Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) - Nederlands Adobe Shockwave Player 11.5 Alps Pointing-device for VAIO AMD Catalyst Install Manager Apple Application Support Apple Mobile Device Support Apple Software Update Application Manager for VAIO ArcSoft Magic-i Visual Effects 2 ArcSoft WebCam Companion 3 Auslogics Disk Defrag Professional Auslogics Disk Defrag Professional version 4.2.1.0 AVG 2012 AVG 2013 AVG Security Toolbar BitTorrent Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cheat Engine 6.1 Click to Disc Click to Disc Editor CopyTrans Suite Remove Only Corel WinDVD D3DX10 DAEMON Tools Lite DC Mod Manager Dead Space™ 3 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dolby Control Center Download Manager 2.3.10 Facebook Video Calling 1.2.0.287 GhostMouse Google Chrome Google Toolbar for Internet Explorer Google Update Helper HandBrake 0.9.5 HiJackThis HTC BMP USB Driver HTC Driver Installer HTC Sync iCloud Inquisition Daemonhunt Intel® Matrix Storage Manager iTunes Java 7 Update 15 Java Auto Updater Java 6 Update 15 (64-bit) Java SE Development Kit 6 Update 15 
(64-bit) Junk Mail filter update Just Great Software EditPad Lite 7.0.3 League of Legends Malwarebytes Anti-Malware version 1.70.0.1100 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Antimalware Service NL-NL Language Pack Microsoft Application Error Reporting Microsoft DirectX SDK (June 2010) Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office Home and Student 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Language Pack 2007 - Dutch/Nederlands Microsoft Office O MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook 2010 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office 
Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) Microsoft Office SharePoint Designer MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office X MUI (Dutch) 2007 Microsoft Outlook 2010 Microsoft Security Client Microsoft Security Client NL-NL Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Web Platform Installer 3.0 Mozilla Firefox 5.0 (x86 nl) MSVC80_x64_v2 MSVC80_x86_v2 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 and SOAP Toolkit 3.0 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) Music Transfer Norton Internet Security Norton Utilities 16 NVIDIA PhysX PC Connectivity Solution PC Tools 
Registry Mechanic 11.1 PhotoFiltre Primo QuickBooks Financial Center QuickTime RadLight 4.0 FINAL Regi Runtime Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 
suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Setting Utility Series SmartWi Connection Utility Sony Home Network Library Sony Picture Utility Steel Legion DC 1.0.0 Subtitle Workshop 2.51 Symantec Technical Support Web Controls Teach2000 version 8.53 Tyranid Mod 0.5b2 for Soulstorm Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for 
Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help 
(KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) VAIO Care VAIO Content Metadata Intelligent Analyzing Manager VAIO Content Metadata Intelligent Network Service Manager VAIO Content Metadata Manager Settings VAIO Content Metadata XML Interface Library VAIO Content Monitoring Settings VAIO Control Center VAIO Data Restore Tool VAIO DVD Menu Data Basic VAIO Entertainment Platform VAIO Event Service VAIO Help and Support VAIO Media plus VAIO Media plus Opening Movie VAIO Movie Story VAIO Movie Story Template Data VAIO OOBE and Startup Assistant VAIO Original Function Settings VAIO Power Management VAIO Presentation Support VAIO Survey VAIO Update VAIO Wallpaper Contents Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables VLC media player 1.1.9 VU5x64 VU5x86 WIDCOMM Bluetooth Software Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.00 (64-bit) Xfire (remove only) XviD MPEG4 Video Codec (remove only) YourFileDownloader
.
==== Event Viewer Messages From Past Week ========
.
3-3-2013 14:32:33, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3-3-2013 13:49:38, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3-3-2013 13:49:38, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
3-3-2013 13:48:02, Error: Service Control Manager [7003] - The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
3-3-2013 13:47:48, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
3-3-2013 13:47:48, Error: atikmdag [43029] - Display is not active
27-2-2013 13:55:03, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
27-2-2013 13:40:32, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
27-2-2013 13:40:06, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
25-2-2013 12:55:49, Error: bowser [8003] - The master browser has received a server announcement from the computer ROB-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0B75CB2B-3513-452F-9C6E-48CF5DC98F94}. The master browser is stopping or an election is being forced.
25-2-2013 11:40:53, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2-3-2013 23:12:33, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
2-3-2013 12:33:03, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
.
==== End Of File ===========================

my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:35:51, on 3-3-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: 
@%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 18349 bytes
  10. My computer has slowed to almost not responding, my "svchost" processes in Task Manager have doubled, just need someone to check out my logs if possible. Thank You!
  11. Hello, I have an annoying issue, I recently got rid of an annoying re-direct virus around 1-2 weeks ago. A day or two later I started noticing Internet Explorer (IE) as an active process in Task Manager, even though I did not have it actively pulled up. The name of the website also changed, and sometimes there were 3 or 4 different IE processes pulled up. Occasionally I would encounter audio ads. I was unable to try and end the process like you would normally end any program that was not responding or was slow to exit normally. I had to go to processes in order to exit the ads out, however within only a few minutes the random IE programs were running in the background again. I scanned my computer with Malwarebytes, Avast, and Spybot Search and Destroy. Malwarebytes had previously destroyed the re-direct virus, but found nothing when I tried to remove these audio ads. Avast! also found nothing, so I downloaded Spybot Search and Destroy, and it came up with around 84 problems, and I had them fixed, however this still did not remove the problem. Any further help would be greatly appreciated as soon as possible! Thank you for your time.
  12. I've managed to pick up some new malware which isn't being picked up by any of the scanners. I have some experience with malware removal in a sandbox; but as this is on my core system, and seems relatively new, I decided not to fiddle. I'll be awaiting instructions... Sorry about all the junk programs.... maybe it's about time I re-install lol. I have both the DDS.txt and Attach.txt scans (in safe mode), should I upload these?
  13. Hi, I have asked around on Blender forums, installed old versions, uninstalled them, multiple times, updated drivers, done disk checks... and still Blender is effectively useless. It takes about 10 times as long as before to start, and ANY commands put it into a "not responding" state for the next 5 minutes EVERY time. While it is by far the most affected program (and the one I need the most for work), many programs are behaving strangely, blinking to the desktop when windows are clicked, and especially dropdown menus immediately closing when I try to change the file types for saving. I have Bit Defender 2013 and Driver updater, but now I see I have Yontoo (and uTorrent), which caused me to find this forum. My drivers should be completely up to the minute as all I checked were, and Bit Defender says everything is fine, when clearly something is very not fine. I tried to restore my computer but the oldest restore point is just a week old, so now, honestly, I can't think of anything else to do, shy of MANUALLY uninstalling everything back about 2 weeks, which I'm not sure how to do and in the last two weeks would be a LOT of work. I HAVE TO SOLVE this issue or my computer effectively becomes a 3 month old $2000 paperweight wrt my most important software by far (Blender), but the problem seems to be growing to other programs as indicated by general system blinkiness. Please help me find a solution. Thanks, Tim
  14. I have malwarebytes installed and still got hijacked earlier today. I get the same hijack screen whether I start normally, in safe mode, or safe mode with networking. I can't use the computer at all now. Am running Windows 7 Home on a Toshiba i5 laptop. Is there any other information that I can provide to better lead to a solution, keeping in mind that I've not been able to get back into my laptop. Thx much in advance!
  15. I recently installed Windows 7 as a clean install on a dual boot system with my old Windows XP. Win 7 is on my C: partition and Win xp is on my D: partition. A separate HDD (E:) has all my data files. In the last week, I have had three instances of ongoing activity in the background (Win 7 rotating circle). When I open up Task Manager and look under Processes, there are multiple (maybe a dozen or so) instances of an exe file with random names each time this occurs. The last instance was "vDizV0U.exe". The description shows "ssh, telnet", similar to ccleaner.exe which I also have installed. The only way I can disable these instances is to reboot. Is this malware or a virus, or is it connected to ccleaner? Any suggestions would be appreciated. I have attached the dds.txt and attach.txt log files. Thanks, Brian
Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll 2013-02-06 21:19:12 -------- d-----w- C:\Windows\SysWow64\spool 2013-02-06 21:00:21 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-02-06 21:00:21 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-06 21:00:15 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-06 20:53:38 -------- d-----w- C:\Users\BMO-WIN-7\AppData\Roaming\ZipGenius 2013-02-06 20:52:23 -------- d-----w- C:\Program Files (x86)\VideoLAN 2013-02-06 20:49:47 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared 2013-02-06 20:49:32 52664 ------w- C:\Windows\System32\drivers\PxHlpa64.sys 2013-02-06 20:49:32 3584 ------w- C:\Windows\System32\drivers\cdralw2k.sys 2013-02-06 20:49:32 3584 ------w- C:\Windows\System32\drivers\cdr4_xp.sys 2013-02-06 20:49:31 -------- d-----w- C:\Program Files (x86)\Roxio 2013-02-06 20:49:31 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared 2013-02-06 20:46:03 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-02-06 20:45:23 -------- d-----w- C:\Users\BMO-WIN-7\AppData\Roaming\Malwarebytes 2013-02-06 20:45:21 -------- d-----w- C:\ProgramData\Malwarebytes 2013-02-06 20:44:09 -------- d-----w- C:\Program Files\CCleaner 2013-02-06 20:43:25 -------- d-----w- C:\Users\BMO-WIN-7\AppData\Local\Google 2013-02-06 20:42:42 1645496 ----a-w- C:\Windows\ampa.exe 2013-02-06 20:42:42 15288 ----a-w- C:\Windows\System32\ampa.sys 2013-02-06 20:42:42 12728 ----a-w- C:\Windows\SysWow64\ampa.sys 2013-02-06 20:42:40 -------- d-----w- C:\Program Files (x86)\AOMEI Partition Assistant Home Edition 5.1.2 2013-02-06 20:40:12 -------- d-----w- C:\Program Files (x86)\Evernote 2013-02-06 20:33:14 -------- d-----w- C:\Users\BMO-WIN-7\AppData\Local\MediaMonkey 2013-02-06 20:33:09 -------- d-----w- C:\Users\BMO-WIN-7\AppData\Roaming\MediaMonkey 2013-02-06 20:33:01 -------- d-----w- C:\ProgramData\MediaMonkey 2013-02-06 20:32:59 -------- d-----w- C:\Program Files 
(x86)\MediaMonkey 2013-02-06 20:30:56 -------- d-----w- C:\Users\BMO-WIN-7\AppData\Local\Evernote 2013-02-06 17:32:18 -------- d-----r- C:\Users\BMO-WIN-7\Dropbox 2013-02-06 17:30:23 -------- d-----w- C:\Users\BMO-WIN-7\AppData\Roaming\Dropbox 2013-02-06 17:30:05 -------- d-----w- C:\Users\BMO-WIN-7\AppData\Roaming\KeePass 2013-02-06 17:28:50 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe 2 2013-02-06 17:28:35 -------- d-----w- C:\Users\BMO-WIN-7\AppData\Local\Programs 2013-02-06 17:23:38 -------- d-----w- C:\Windows\SysWow64\Wat 2013-02-06 17:23:37 -------- d-----w- C:\Windows\System32\Wat 2013-02-06 17:23:13 902656 ----a-w- C:\Windows\System32\d2d1.dll 2013-02-06 17:23:13 1139200 ----a-w- C:\Windows\System32\FntCache.dll 2013-02-06 17:23:12 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-02-06 16:30:12 -------- d-----w- C:\Program Files (x86)\MozBackup 2013-02-06 16:04:42 -------- d-----w- C:\Users\BMO-WIN-7\AppData\Local\Thunderbird 2013-02-06 07:19:02 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2013-02-06 07:19:02 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2013-02-06 07:19:02 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2013-02-06 07:19:02 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2013-02-06 07:15:18 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation 2013-02-06 07:15:00 884152 ----a-w- C:\Windows\System32\nvvsvc.exe 2013-02-06 07:15:00 63928 ----a-w- C:\Windows\System32\nvshext.dll 2013-02-06 07:15:00 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll 2013-02-06 07:14:59 6382008 ----a-w- C:\Windows\System32\nvcpl.dll 2013-02-06 07:14:59 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll 2013-02-06 07:14:59 118712 ----a-w- C:\Windows\System32\nvmctray.dll 2013-02-06 07:14:37 60776 ----a-w- C:\Windows\System32\OpenCL.dll 2013-02-06 07:14:37 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2013-02-06 07:14:14 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2013-02-06 07:14:05 -------- d-----w- 
C:\Program Files\NVIDIA Corporation 2013-02-06 07:00:16 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll 2013-02-06 07:00:16 46080 ----a-w- C:\Windows\System32\atmlib.dll 2013-02-06 07:00:16 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2013-02-06 07:00:16 100864 ----a-w- C:\Windows\System32\fontsub.dll 2013-02-06 07:00:15 367616 ----a-w- C:\Windows\System32\atmfd.dll 2013-02-06 07:00:15 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2013-02-06 06:59:43 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2013-02-06 06:59:43 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2013-02-06 06:59:43 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2013-02-06 06:59:42 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2013-02-06 06:59:42 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2013-02-06 06:59:42 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2013-02-06 06:59:42 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2013-02-06 06:57:54 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2013-02-06 06:57:54 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2013-02-06 06:57:54 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2013-02-06 06:57:53 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2013-02-06 06:57:53 5120 ----a-w- C:\Windows\System32\wmi.dll 2013-02-06 06:23:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-02-06 06:22:58 642944 ----a-w- C:\Windows\System32\winload.efi 2013-02-06 06:20:44 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2013-02-06 06:20:44 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll 2013-02-06 06:20:42 715776 ----a-w- C:\Windows\System32\kerberos.dll 2013-02-06 06:20:42 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2013-02-06 06:20:42 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe 2013-02-06 06:20:42 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe 2013-02-06 06:20:42 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll 2013-02-06 06:20:41 498688 ----a-w- C:\Windows\System32\drivers\afd.sys 2013-02-06 06:20:41 209920 ----a-w- 
C:\Windows\System32\profsvc.dll 2013-02-06 06:20:40 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-02-06 06:16:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll 2013-02-06 06:16:49 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll 2013-02-06 06:16:49 259072 ----a-w- C:\Windows\System32\mpg2splt.ax 2013-02-06 06:16:49 1118720 ----a-w- C:\Windows\System32\sbe.dll 2013-02-06 06:16:48 850944 ----a-w- C:\Windows\SysWow64\sbe.dll 2013-02-06 06:16:48 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax 2013-02-06 06:16:47 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-02-06 06:16:47 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2013-02-06 06:16:47 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2013-02-06 06:16:47 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2013-02-06 06:16:47 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2013-02-06 06:16:14 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2013-02-06 06:16:14 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-02-06 06:14:02 1731920 ----a-w- C:\Windows\System32\ntdll.dll 2013-02-06 06:14:02 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-02-06 06:14:01 77312 ----a-w- C:\Windows\System32\packager.dll 2013-02-06 06:14:01 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2013-02-06 06:14:00 67072 ----a-w- C:\Windows\splwow64.exe 2013-02-06 06:14:00 559104 ----a-w- C:\Windows\System32\spoolsv.exe 2013-02-06 06:03:47 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2013-02-06 06:03:41 99840 ----a-w- C:\Windows\System32\wudriver.dll 2013-02-06 06:03:32 36864 ----a-w- C:\Windows\System32\wuapp.exe 2013-02-06 06:03:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2013-02-06 06:02:40 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67C585AB-95D6-4AC3-94A3-1744A477D8ED}\gapaengine.dll 2013-02-06 05:52:04 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 
2013-02-06 05:52:00 -------- d-sh--w- C:\Windows\Installer 2013-02-06 05:52:00 -------- d-----w- C:\Program Files\Microsoft Security Client 2013-02-06 01:15:49 -------- d-----w- C:\Users\BMO-WIN-7\AppData\Local\Mozilla 2013-02-06 01:15:44 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2013-02-06 00:23:40 -------- d-----w- C:\Windows\Panther 2013-01-20 23:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys . ==================== Find3M ==================== . 2013-02-06 21:52:26 106496 ----a-w- C:\Windows\SysWow64\ATL71.DLL 2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-20 23:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-29 10:54:24 550328 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll . ============= FINISH: 15:03:11.60 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. 
IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2/5/2013 4:36:32 PM System Uptime: 2/19/2013 1:55:52 PM (2 hours ago) . Motherboard: ASUSTeK Computer INC. | | M3A78 Processor: AMD Phenom™ II X4 945 Processor | AM2 | 3000/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 230 GiB total, 116.608 GiB free. D: is FIXED (NTFS) - 236 GiB total, 131.693 GiB free. E: is FIXED (NTFS) - 466 GiB total, 155.298 GiB free. F: is CDROM () G: is CDROM () H: is Removable I: is Removable J: is Removable K: is Removable M: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 PNP Device ID: ROOT\NET\0000 Service: vpnva . ==== System Restore Points =================== . RP42: 2/10/2013 4:24:29 PM - Installed Advanced Video FX Engine RP43: 2/10/2013 4:25:12 PM - Installed Advanced Audio FX Engine RP44: 2/10/2013 4:25:51 PM - Installed Creative Photo Manager RP45: 2/10/2013 4:26:41 PM - Installed Creative Photo Calendar RP46: 2/10/2013 4:28:07 PM - Installed Creative System Information RP47: 2/10/2013 4:28:20 PM - Installed Creative Live! Cam Optia AF RP48: 2/10/2013 4:29:05 PM - Installed Creative WebCam RP49: 2/10/2013 4:30:58 PM - Installed Creative Software AutoUpdate RP50: 2/10/2013 4:32:39 PM - Removed Creative Photo Manager RP51: 2/10/2013 4:33:05 PM - Removed Creative Photo Calendar RP52: 2/10/2013 4:33:47 PM - Removed Creative Live! Cam FX Creator RP53: 2/10/2013 4:34:19 PM - Removed Creative Live! 
Cam Doodling RP54: 2/10/2013 4:34:45 PM - Removed Creative Software AutoUpdate RP55: 2/10/2013 4:35:16 PM - Removed Creative System Information RP56: 2/13/2013 11:48:06 AM - Windows Update RP57: 2/15/2013 9:22:59 AM - Windows Update RP58: 2/15/2013 12:46:06 PM - Windows Update RP59: 2/19/2013 1:48:23 PM - Windows Update RP60: 2/19/2013 1:49:04 PM - Windows Update . ==== Installed Programs ====================== . ACDSee 9 Photo Manager ACDSee Pro 2.5 Acronis True Image Home Adobe Acrobat 6.0 Professional - English, Français, Deutsch Adobe AIR Adobe Flash Player 11 Plugin Adobe Photoshop Elements 2.0 Adobe Reader XI (11.0.01) Advanced Audio FX Engine Advanced Video FX Engine AOMEI Partition Assistant Home Edition 5.1.2 Apple Application Support ArcSoft Panorama Maker 5 ASUSUpdate CCleaner Cisco AnyConnect VPN Client Creative Live! Cam Center Creative Live! Cam Manager Creative Live! Cam Optia AF Driver (1.02.02.0612) Creative Live! Cam Optia AF User's Guide (English) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Deus Ex: Human Revolution Dropbox Evernote v. 
4.6.2 Fallout Mod Manager 0.13.21 Fallout: New Vegas Google Chrome Google Update Helper IrfanView (remove only) Java 7 Update 13 Java Auto Updater KeePass Password Safe 2.21 MagicDisc 2.7.106 Malwarebytes Anti-Malware version 1.70.0.1100 Mass Effect™ 3 MediaMonkey 4.0 Microsoft .NET Framework 4 Client Profile Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MozBackup 1.5.1 Mozilla Firefox 18.0.2 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 17.0.2 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nexus Mod Manager Nikon Message Center 2 NVIDIA 3D Vision Controller Driver 310.90 NVIDIA 3D Vision Driver 310.90 NVIDIA Control Panel 310.90 NVIDIA Graphics Driver 310.90 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX 
System Software 9.12.1031 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components Origin PC Probe II Pegasus Mail HTML Renderer 2.4.7.2 PerformanceTest v8.0 Picture Control Utility QuickTime Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler Roxio Update Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Shutterfly Express Uploader Skype™ 6.1 Sonic Activation Module Steam The Elder Scrolls V: Skyrim Unofficial Oblivion Patch v3.4.3 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) 
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition ViewNX 2 VLC media player 2.0.4 XnView 1.97.8 ZipGenius 6 (6.0.3.1150) . ==== Event Viewer Messages From Past Week ======== . 2/19/2013 1:49:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile MTP Device. 2/16/2013 7:42:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 2/16/2013 7:42:41 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
2/13/2013 11:41:07 AM, Error: Schannel [36887] - The following fatal alert was received: 40. . ==== End Of File ===========================
  16. Attached are the two files after running dds.scr. Have used the Malware removal tool and also MSE to clean up infections. Now the problem with redirecting still persists on certain searches but not all and keep getting this message IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 52873, Process: iexplore.exe)
C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe x64-Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg] C:\Program 
Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} 
- <orphaned> x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned> x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - 
igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - . ============= SERVICES / DRIVERS =============== . R? AMPPALP;Intelr Centrinor Wireless Bluetoothr 3.0 + High Speed Protocol R? ATTRcAppSvc;AT&T RcAppSvc R? CAATT;AT&T Con App Svc R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64 R? HipShieldK;McAfee Inc. HipShieldK R? Impcd;Impcd R? intaud_WaveExtensible;Intel WiDi Audio Device R? JMCR;JMCR R? McComponentHostService;McAfee Security Scan Component Host Service R? mferkdet;McAfee Inc. mferkdet R? MyWiFiDHCPDNS;Wireless PAN DHCP Server R? PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver R? RoxMediaDB12OEM;RoxMediaDB12OEM R? RoxWatch12;Roxio Hard Drive Watcher 12 R? SkypeUpdate;Skype Updater R? TsUsbFlt;TsUsbFlt R? TsUsbGD;Remote Desktop Generic USB Device R? USBAAPL64;Apple Mobile USB Driver R? WatAdminSvc;Windows Activation Technologies Service R? wlcrasvc;Windows Live Mesh remote connections service S? AERTFilters;Andrea RT Filters Service S? AMPPAL;Intelr Centrinor Wireless Bluetoothr 3.0 + High Speed Virtual Adapter S? AMPPALR3;Intelr Centrinor Wireless Bluetoothr 3.0 + High Speed Service S? Bluetooth Device Monitor;Bluetooth Device Monitor S? Bluetooth Media Service;Bluetooth Media Service S? Bluetooth OBEX Service;Bluetooth OBEX Service S? BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service S? btmaudio;Intel Bluetooth Audio Service S? btmaux;Intel Bluetooth Auxiliary Service S? btmhsf;btmhsf S? cfwids;McAfee Inc. cfwids S? CtClsFlt;Creative Camera Class Upper Filter Driver S? ctxusbm;Citrix USB Monitor Driver S? cyhid;Cypress Input Device S? cykbfltrService;Cypress Keyboard Filter Driver S? 
cymfltrService;Cypress Trackpad Filter Driver S? iBtFltCoex;iBtFltCoex S? IntcDAud;Intel® Display Audio S? IntuitUpdateServiceV4;Intuit Update Service v4 S? iwdbus;IWD Bus Enumerator S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller S? MBAMProtector;MBAMProtector S? MBAMScheduler;MBAMScheduler S? MBAMService;MBAMService S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service S? McMPFSvc;McAfee Personal Firewall Service S? McNaiAnn;McAfee VirusScan Announcer S? McProxy;McAfee Proxy Service S? McShield;McAfee McShield S? mfeavfk;McAfee Inc. mfeavfk S? mfefire;McAfee Firewall Core Service S? mfefirek;McAfee Inc. mfefirek S? mfehidk;McAfee Inc. mfehidk S? mfevtp;McAfee Validation Trust Protection Service S? mfewfpk;McAfee Inc. mfewfpk S? MOBKbackup;McAfee Online Backup S? MOBKFilter;MOBKFilter S? MpFilter;Microsoft Malware Protection Driver S? NisDrv;Microsoft Network Inspection System S? NisSrv;Microsoft Network Inspection S? nusb3hub;Renesas Electronics USB 3.0 Hub Driver S? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver S? nvpciflt;nvpciflt S? PxHlpa64;PxHlpa64 S? SftService;SoftThinks Agent Service S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service S? TurboB;Turbo Boost UI Monitor driver S? TurboBoost;Intel® Turbo Boost Technology Monitor 2.0 S? UNS;Intel® Management and Security Application User Notification Service . =============== Created Last 30 ================ . 2013-02-14 15:27:23 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77D4CBD1-A4F1-4E39-B64A-37849A761F71}\offreg.dll 2013-02-13 20:49:38 -------- d-----w- C:\Program Files (x86)\Yahoo! 
2013-02-12 05:24:51 -------- d-----w- C:\Users\Dan\AppData\Roaming\Malwarebytes 2013-02-12 05:24:44 -------- d-----w- C:\ProgramData\Malwarebytes 2013-02-12 05:24:43 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-02-12 05:24:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-02-12 05:24:29 -------- d-----w- C:\Users\Dan\AppData\Local\Programs 2013-02-12 04:09:41 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{47396D80-0281-47B0-A2F2-A8C8D2C5C024}\gapaengine.dll 2013-02-12 04:09:22 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77D4CBD1-A4F1-4E39-B64A-37849A761F71}\mpengine.dll 2013-02-10 19:35:59 -------- d-----w- C:\Users\Dan\AppData\Local\Threat Expert 2013-02-10 18:07:30 -------- d-----w- C:\Program Files (x86)\PC Tools 2013-02-10 18:04:11 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys 2013-02-10 18:04:11 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools 2013-02-10 18:01:05 -------- d-----w- C:\Users\Dan\AppData\Roaming\TestApp 2013-02-10 18:01:05 -------- d-----w- C:\ProgramData\PC Tools 2013-02-10 10:09:08 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-02-08 14:41:15 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-08 14:41:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-08 07:19:24 -------- d-----w- C:\Users\Dan\AppData\Local\Sonic_Solutions 2013-02-08 05:40:51 -------- d-----w- C:\Users\Dan\AppData\Local\ElevatedDiagnostics 2013-02-08 02:17:44 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-02-04 05:35:27 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2013-02-04 05:35:24 -------- d-----w- C:\Program Files\Microsoft Security Client 2013-01-21 21:35:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-01-21 19:32:05 118784 --sha-r- C:\Users\Dan\AppData\Roaming\qedita.dll 2013-01-20 
07:23:20 750592 ----a-w- C:\Windows\System32\win32spl.dll 2013-01-20 07:23:18 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2013-01-20 07:23:17 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2013-01-20 07:23:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2013-01-20 07:23:17 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2013-01-20 07:23:15 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2013-01-20 07:22:05 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2013-01-20 07:20:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-01-20 07:13:42 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-01-20 07:13:38 3149824 ----a-w- C:\Windows\System32\win32k.sys 2013-01-16 05:05:05 -------- d--h--w- C:\Users\Dan\AppData\Roaming\RPPrivate 2013-01-16 04:57:09 -------- d-----w- C:\Users\Dan\AppData\Roaming\RealNetworks 2013-01-16 04:55:54 -------- d-----w- C:\Program Files (x86)\RealNetworks 2013-01-16 04:55:52 -------- d-----w- C:\ProgramData\RealNetworks . ==================== Find3M ==================== . 
2013-02-11 04:21:32 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-11 04:21:32 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-08 02:17:44 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2012-12-26 17:55:26 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2012-12-26 17:52:44 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2012-12-26 17:52:34 182312 ----a-w- C:\Windows\System32\mfevtps.exe 2012-12-26 17:51:34 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2012-12-26 17:51:24 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys 2012-12-26 17:50:48 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2012-12-26 17:49:42 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2012-12-26 17:49:00 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2012-12-26 17:48:30 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- 
C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll . ============= FINISH: 7:36:25.69 =============== attach.txt
  17. So, yesterday I turned on my computer and when I came back to it, it had restarted, with a message from Microsoft that it had recovered from a serious failure, and when I closed the dialogue box, it sent me to wer reporting, with the following message: Your computer experienced a problem that was caused by spooldr.sys. This product might be malware. It recommended running MSS, which I did, and it found nothing. In addition, I ran an antivirus check (Webroot) and a Malwarebytes sweep. Neither found anything. From reading around on a couple of sites, I've noticed it's a rootkit issue that might not show up on such sweeps, but might still need to be removed in other ways. I'm looking for help as to what to do next. I've got Windows XP, if this helps at all.
  18. Hello,

      Recently my sons were home for the holidays and using the computers available to play a game across the internet. Since that time many of the systems have developed unique problems. This thread deals with my work laptop, which has since developed the following symptoms:

      • system locking up
      • Internet Explorer crawls and then locks up
      • reporting that it is no longer an authentic version of Windows
      • desktop icons are inoperable
      • right clicking on items is inoperable
      • trying to uninstall programs in control panel returns errors
      • etc...

      System info is below as well as the requested files: dds.txt attach.txt

      Any assistance would be appreciated, thanks in advance!

      Ken

      ------------------
      System Information
      ------------------
      Time of this report: 2/8/2013, 18:08:31
      Machine name: STUDIO-64
      Operating System: Windows 7 Ultimate 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.120830-0333)
      Language: English (Regional Setting: English)
      System Manufacturer: Dell Inc.
      System Model: Studio 1737
      BIOS: Ver 1.00 BIOS A04 PARTTBL"
      Processor: Intel® Core2 Duo CPU T9400 @ 2.53GHz (2 CPUs), ~2.5GHz
      Memory: 4096MB RAM
      Available OS Memory: 4090MB RAM
      Page File: 2115MB used, 6064MB available
      Windows Dir: C:\Windows
      DirectX Version: DirectX 11

      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 9.0.8112.16457
      Run by Ken at 10:39:19 on 2013-02-06
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4091.2647 [GMT -5:00]
      .
      AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
      SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7zlv1z4n.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll . ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-6-14 62536] R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-7-20 141920] R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-6-14 211344] R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-6-14 38328] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2010-7-28 89600] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-6-14 1288104] R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-1-29 165112] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-24 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-24 682344] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-7 1153368] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-13 24176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 Akamai;Akamai NetSession 
Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136] S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-26 203264] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-6-15 7689216] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-11-26 25584] S3 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-6-30 134944] S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\System32\drivers\PTDUBus.sys [2011-8-26 70672] S3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\System32\drivers\PTDUMdm.sys [2011-8-26 173456] S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\System32\drivers\PTDUVsp.sys [2011-8-26 173456] S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\System32\drivers\PTDUWFLT.sys [2011-8-26 12688] S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\System32\drivers\PTDUWWAN.sys [2011-8-26 141840] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-10 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-10 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-26 1255736] . =============== File Associations =============== . 
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1" FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] ShellExec: Foxit Reader.exe: print="C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe"/p "%1" ShellExec: Foxit Reader.exe: printto="C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4" . =============== Created Last 30 ================ . 2013-02-06 11:33:19 -------- d-----w- C:\Users\Ken\Desktop Folders 2013-01-30 14:38:14 -------- d-----w- C:\ProgramData\IDM 2013-01-30 01:40:02 -------- d-----w- C:\Utils 2013-01-29 12:03:10 165112 ----a-w- C:\Windows\System32\drivers\idmwfp.sys 2013-01-10 14:26:05 750592 ----a-w- C:\Windows\System32\win32spl.dll 2013-01-10 14:26:05 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-01-10 14:26:04 800768 ----a-w- C:\Windows\System32\usp10.dll 2013-01-10 14:26:04 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2013-01-10 14:24:55 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2013-01-10 14:24:54 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2013-01-10 14:24:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2013-01-10 14:24:53 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2013-01-10 14:24:52 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2013-01-10 14:24:52 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2013-01-10 14:24:51 3149824 ----a-w- C:\Windows\System32\win32k.sys 2013-01-10 14:24:47 68608 ----a-w- C:\Windows\System32\taskhost.exe . ==================== Find3M ==================== . 
2013-01-13 14:01:39 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-13 14:01:39 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 
05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll . ============= FINISH: 10:39:42.76 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . 
DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume3 Install Date: 7/26/2010 1:42:52 PM System Uptime: 2/6/2013 6:53:08 AM (4 hours ago) . Motherboard: Dell Inc. | | 0P786H Processor: Intel® Core2 Duo CPU T9400 @ 2.53GHz | U2E1 | 2534/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 223 GiB total, 66.027 GiB free. D: is FIXED (NTFS) - 10 GiB total, 2.519 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0000 Manufacturer: Microsoft Name: Microsoft 6to4 Adapter PNP Device ID: ROOT\*6TO4MP\0000 Service: tunnel . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft ISATAP Adapter Device ID: ROOT\*ISATAP\0000 Manufacturer: Microsoft Name: Microsoft ISATAP Adapter PNP Device ID: ROOT\*ISATAP\0000 Service: tunnel . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft ISATAP Adapter Device ID: ROOT\*ISATAP\0001 Manufacturer: Microsoft Name: Microsoft ISATAP Adapter #2 PNP Device ID: ROOT\*ISATAP\0001 Service: tunnel . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft ISATAP Adapter Device ID: ROOT\*ISATAP\0002 Manufacturer: Microsoft Name: Microsoft ISATAP Adapter #3 PNP Device ID: ROOT\*ISATAP\0002 Service: tunnel . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Teredo Tunneling Adapter Device ID: ROOT\*TEREDO\0000 Manufacturer: Microsoft Name: Microsoft Teredo Tunneling Adapter PNP Device ID: ROOT\*TEREDO\0000 Service: tunnel . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Intel® WiFi Link 5100 AGN Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13218086&REV_00\4&B04CCE1&0&00E1 Manufacturer: Intel Corporation Name: Intel® WiFi Link 5100 AGN PNP Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13218086&REV_00\4&B04CCE1&0&00E1 Service: NETw5s64 . 
==== System Restore Points =================== . RP355: 2/2/2013 7:12:55 PM - Windows Modules Installer . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin 64-bit Adobe Reader X (10.1.4) Akamai NetSession Interface ArcSoft MediaImpression for Kodak ATI Catalyst Install Manager BitTorrent BlackBerry Desktop Software 7.1 Catalyst Control Center InstallProxy CCleaner CDDRV_Installer Chinese Simplified Fonts Support For Adobe Reader X Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Defraggler Dell Support Center Dell Touchpad DivX Setup Dropbox DVD Decrypter (Remove Only) DVD Shrink 3.2 Elcomsoft Blackberry Backup Explorer eMusic Download Manager 4.1.4 ESET Online Scanner v3 ESET Smart Security Foxit PDF IFilter Foxit Phantom Foxit Reader Google Chrome Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper GoToMeeting 5.3.0.977 IDT Audio Internet Download Manager iTunes Japanese Fonts Support For Adobe Reader X KhalInstallWrapper Lexmark 7100 Series Logitech SetPoint Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Mouse and Keyboard Center Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mindjet MindManager 9 Mozilla Firefox 10.0.2 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nuance PDF Professional 6 PANTECH UM175 Driver PDFCreator Picasa 3 Plustek OpticSlim M12 Plus PowerISO QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Replay Media Catcher 4 (4.2.8) RICOH Media Driver ver.2.07.01.00 Roblox for Ken Scansoft PDF Professional Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Skype Click to Call Skype™ 6.1 Snagit 10.0.1 Spybot - Search & Destroy SpywareBlaster 
4.4 SpywareGuard v2.2 System Requirements Lab for Intel Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VC80CRTRedist - 8.0.50727.4053 VLC media player 1.1.11 Windows Automated Installation Kit Windows XP Mode WinRAR archiver . ==== End Of File ===========================
  19. Upon doing a scan some months ago (can't currently determine the exact date) I found what seemed to be malware, and immediately quarantined the item. Because I realize run DLLs are often essential, I decided to leave it quarantined rather than immediately removing the threat. I've searched all over Google for an answer to the validity of this "Registry Value", but have had no success. Below is a screenshot containing information of the location of said "Backdoor" as labeled by Malwarebytes: I would like to know if I should delete, quarantine or restore this, or if there are any other solutions to this issue. The help would be greatly appreciated as I currently have no idea what the repercussions of leaving this in my system are.
  20. This will be my first post on this forum; I hope I'm in the right place. I run Malwarebytes, and I keep coming up with these two viruses which I can't seem to remove: malware.packer.gen virus.sality Also, I get a BSD every time I attempt to enter safe mode. Please help.
  21. My spouse contracted this nasty malware on her notebook and Malwarebytes did not see it. I had to resort to manual removal. Took a while but I ultimately got it cleaned out. Did find a toolbar remover online. This hijacked the search function and caused IE to start throwing errors on Windows 8. Might say that MSFT's built-in anti-malware did not see it either.
  22. Hello, I was directed to this forum because I have an outgoing IP Block detected by MalwareBytes: 2013/01/24 09:23:35 -0500 USER-PC user IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 50798, Process: firefox.exe) 2013/01/24 09:23:35 -0500 USER-PC user IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 50799, Process: firefox.exe) I originally had problems after downloading a free swf to video program. Both my Norton 360 and MBAM detected Trojans (Trojan.dropper, Trojan.Gen.2) and malware (BasicSeek.exe, basicseek110.exe), and I was getting redirects on Firefox to a site called isearchfantasticgames.com. I ran MBAM, TDSKiller and adwcleaner. I then took my computer to a local computer store and then ran combofix and hitmanpro. They told me that I got rid of anything that was on the computer, but today, a week later, I got redirected to the isearchfantasticgames site (well MBAM stopped it). I thought I was done with this, but I'm concerned that something is still on my computer. I don't want to wipe my computer if I don't have to. It's a pain to have to reload all my programs, especially Adobe. Thank you for your help, Lauren dds.txt attach.txt
  23. I've been getting redirected on my Google searches to these suspicious websites. I ran Malwarebytes, which picked up Trojan.Happilli. I tried removing it, and in later scans, no malicious items were detected. However, I'm still being redirected in my Google searches. From what I've read, this can progress to a pretty serious issue. Help would be appreciated! Attached are the files. dds.txt attach.txt
  24. I seem to have been infected by the FBI warning virus. In my attempts to remove the virus I have not been able to access any form of safe mode. I have been able to access the repair feature from the boot menu and get a command prompt running, but as far as locating the files or anything else I'm pretty much stuck. I noticed a few other threads related to this virus on this forum, so I'm just hoping I can get some sort of help, and it would be much appreciated.
  25. Hi, Recently I noticed two trojans that came up during a Malwarebytes scan, PUM.UserWLoad and Trojan.Ransom. I have the free version of Malwarebytes, and cannot seem to get rid of these two trojans. I have used both the remove feature inside of Malwarebytes as well as the Malwarebytes Chameleon Software, neither of which have been able to remove anything after five attempts. Any help would be greatly appreciated!!!