
Showing results for tags 'Adobe'.


Found 19 results

  1. I don't actually know if it is infected or not, but it seems highly unlikely... please advise. See Attachment: ransomeware.txt
  2. Malwarebytes for some reason blocks Adobe. I tried looking up other conversations about it but my internet has been acting up and I was having trouble making the search bar work. Anybody have a workaround? I can't use any Adobe software installed after installing Malwarebytes and the Adobe support team keeps telling me to uninstall it.
  3. Hi everyone this is my first post! Happy to have found this forum. I'm just starting to learn about malware removal. My main question is should I join AlienVault Open Threat Exchange? I'd like to be able to more easily identify threats that are found on my devices and network. The website is https://otx.alienvault.com . I'd also like to learn how to identify who an IP address belongs to and if it is safe. Below are details related to the malware on my iMac (Mojave 10.14.6). If anyone cares to delve in and comment on any of it, that would be fantastic. Thank you in advance. My Safari (v13.1) cache has 50+ websites in it that I have not navigated to, and if I delete each cache individually, some automatically come back. I've looked into a few of these cached sites, but am extremely hesitant to continue to go to these websites or even to google them to investigate because it may raise my risk of getting infected. I've run EasyFind (Devon Technologies app) searches on some of the websites in the cache, and it is not finding them despite searching all files and volumes. 1st run of the Premium trial of Malwarebytes found Crossrider, mitmproxy, a browser extension in Chrome (adware), several files and directories related to TopicLookup, and a couple other files and directories. Screenshot attached of quarantined items. Nothing else found since then and my trial has run out; should I upgrade to Premium? Flash Player was installed and updated multiple times from a 3rd party. This was over a year ago; I don't remember doing it but it updated monthly for some time. Adobe cannot find it on my iMac to uninstall it; I'm assuming that is because Flash Player was not installed from Adobe to begin with. I've started to manually find and delete the Flash files. Deleting Flash Player from the system preferences pane requires me to put in my admin password, which I haven't done yet (again, hesitant). EtreCheck report below.
I am new to EtreCheck and am still deciphering the report. I have a runaway process and kernel panics that could be related to 3rd party software. Also, I downloaded Norton from my Internet provider (xfinity) on 4-9-2020, and EtreCheck shows Norton for Mac and Norton Security were both installed. The app is Norton Security; I can't find Norton For Mac anywhere on my iMac. At any rate, Norton Security has been useless in finding threats. If you got this far, I am indebted to your kindness. Thank you!
  4. I keep getting this AdobeIPCBroker.exe - System error pop up. I cannot get rid of it and I can only move it to the side. It says "The code execution cannot proceed because CRCilent.dll was not found. Reinstalling the program may fix this problem." I press OK or the X button and it does not go away; it only reappears. I saw a similar post to this https://forums.malwarebytes.com/topic/257811-adobeipcbrokerexe-system-error-issue/ . Though I do not know if the same solution to that computer is gonna work for mine. Please help.
  5. I have a brand new DELL computer. I've been using Google Chrome without a problem. Malwarebytes keeps popping up a notification that a free update should be installed. After I did it, Google Chrome is running very slow. And when I tried opening a PDF file, it would not open. And I keep getting this error message now (see attachment). I tried Microsoft Edge browser and that is working very quickly. I'm not a technical guy but can someone help me?
  6. Continue to get a phony message that I need to update Adobe Flash Player, have run the full version of Malwarebytes but it fails to find this. Running MacOS Mojave (10.14.1) on a MacBook Pro. Seems to be somehow connected to an online game Words With Friends. (Not an app installed on computer.)
  7. blogs.adobe.com (67.222.101.124) is blocked. [Log attached] mban_adobe.txt
  8. I can't email files from Acrobat reader because Malwarebytes blocks them. I have excluded all the .exe from the adobe reader folder in vain. When I ask an exclusion on a previous exploit, the list is empty although in the reports I can find this exploit. Please help www.malwarebytes.com -Log Details- Protection Event Date: 8/12/17 Protection Event Time: 11:15 AM Log File: Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2567 License: Premium -System Information- OS: Windows 10 (Build 14393.1593) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0 -Exploit Data- Affected Application: Adobe Reader Protection Layer: Malicious Memory Protection Protection Technique: Exploit code executing from Heap memory blocked File Name: URL: (end)
  9. So apparently my dad caught that Adobe Flash Player virus on his phone, and now he can't uninstall it cause it's a hidden administrative application (or whatever it's called). It's a virus that displays a pop-up window every time an app is opened, and it asks for your credit card information. I tried installing an app to detect it and disable its administrative privileges but the scan showed no results. What now? P.S. The thing identifies as Malware but can't even be disabled, force stopped or cache-cleared. Is there a way to forcibly remove it via a computer or any other method?
  10. Hi, We have a PC that has quarantined three threats that were detected overnight as "Trojan.Reconyc". Two threats were in Adobe file directories and another was in an Installer directory for what seems to be for patches for Windows. These three threats seem to be false positives but I want to be sure if these are actual threats or not. I have attached a screenshot of the three threats that are shown from the Malwarebytes Management Console for that particular PC. Any advice would be appreciated.
  11. I understand that HijackThis for the most part has been replaced by newer tools. Yet, I'm still using it and just encountered an error that renders it unusable on systems when running the service: AGSService Adobe Genuine Software Integrity Service I'm sharing this in the hope that others who are using both HijackThis and the Adobe Creative Cloud will not assume this error indicates that they are infected. Something may have been updated by Adobe within the past few days as I've never encountered this issue before until today. I scan every other day. I maintain four Windows 7 systems and two had this issue and two did not -- the two with the Adobe Genuine Software Integrity Service running. I confirmed this by exporting the following registry keys, deleting them, and then running HijackThis again without any error. I imported the keys and the error returned. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AGSService] Obviously, I don't recommend permanently removing these registry keys as they likely will render your Adobe Creative Cloud software inactive (or worse). Thus, if you are getting this Error #5 and confirm that it is caused by AGSService, you may need to consider using an alternative tool to HijackThis. Full text of the HijackThis error: Please help us improve HijackThis by reporting this error Click 'Yes' to submit Error Details: An unexpected error has occurred at procedure: modMain_StartScan() Error #5 - Invalid procedure call or argument Windows version: MSIE version: HijackThis version: 2.0.5
  12. My little brother downloaded something on my computer and I tried Malwarebytes to remove the adware. It detected about 450 objects but the adware is still on my computer. Some of it is in Chinese, and the other ad asks me to update Adobe Flash Player but it won't update it, it's a virus (and it pops a lot). However, it slowed down after deleting something in Task Manager even though it still pops up.
  13. Malwarebytes is currently blocking webfonts.creativecloud.com, stating that it's a malicious website. This has never happened before. 'Tis not a malicious website. webfonts.creativecloud.com is not a malicious website; it hosts Typekit and Adobe Edge web fonts used by thousands of websites. If blocked, this disables the fonts they were designed with (so they look terrible) and it also makes these websites look unsafe. I've added an exception, but I hope this gets fixed soon.
  14. Hi After Install CS6 MBAM crash, it is a known issue? Problem signature: Problem Event Name: APPCRASH Application Name: mbam.exe Application Version: 1.0.0.532 Application Timestamp: 53518532 Fault Module Name: kernel32.dll Fault Module Version: 6.0.6002.18881 Fault Module Timestamp: 51da3e27 Exception Code: c0000142 Exception Offset: 00009f5d OS Version: 6.0.6002.2.2.0.768.3 Locale ID: 1033 Additional Information 1: 9d13 Additional Information 2: 1abee00edb3fc1158f9ad6f44f0f6be8 Additional Information 3: 9d13 Additional Information 4: 1abee00edb3fc1158f9ad6f44f0f6be8 PLMK Thanks Camelia
  15. Hello MBAM forums! Today (a little over an hour ago, 3:00 PM EST), I came back from doing some work outside, and when my computer screensaver goes away, there's a message from my firewall (PC Tools Firewall), saying that Adobe Flash Player Installer/Uninstaller 14.0 r0 wants to access the internet. Having not done anything like this before, I click "details". Seemed legitimate enough. After clicking "Accept", I googled it. Apparently someone on bleepingcomputer downloaded it the same way, firewall asked and then accept, and later on he got a Trojan, Zeroacess.exe. I decided to run a few scans, a MBAM full scan, and an Avast! scan on the specific files. Nothing came up, and the full scan is still running. However, the person said that even though they ran scans, they didn't get anything detected initially. How do I know if it's infected or not? Any help would be appreciated.
  16. I am having a problem with Adobe Flash Player with Internet Explorer 11. The problem is that whenever I visit a website that has content that needs the flash player in order to work, Internet Explorer asks me if it is okay to run the content. When I click "Allow", the page refreshes and I am asked again. I do not understand why it behaves this way because I have all Adobe plugins for Internet Explorer activated. To see the problem that I am having in action, watch this video.
  17. Andy2013

    Adobe ARM

    Is it really necessary for Adobe ARM to launch at start up? All adobe programs by default search for updates and apply them automatically. Disabling ARM with CCleaner is simple, but at the next adobe update ARM is active again. Seems a little invasive to me?
  18. Howdy guys. Haven't been here in a while since I got help from you guys months ago. Here's my query; I ran the usual weekly scans of MalPro and MSE because my system has been slower than normal. Both came up clean so I Google searched different processes running in task manager. Found another techie site that had pretty much everything searchable. Had multiple, as in 7, svchost.exe running at the same time. Went back to the tech site and click click click found the explanation. It also had a scan option; so I ran it. It was Ad Aware Anti-virus (free). All it found was Airinstaller(fs). Since I have different Adobe applications installed on my system, my question is this; Could it have mistaken the Adobe AIR application for the virus? Sys info: 2007 eMachines EL1200, Windows XP Home2002 SP3, AMD 2650e processor, 1.6 GHz, 896 MB RAM, Comcast ISP, MagicJack plug-in, Firefox browser.
  19. I hope I didn't mess up this computer too much!!! I'd be happy to turn off Avast, Symantec and Kaspersky and run a program which will help, hint hint. When I 'disable' Kaspersky for '1 hour' for a minute, I am given a warning sometimes 480 connections will be closed. after running a series of deep scans, boot scans, etc, and resetting my TCP values to windows defaults using TCP optimizer. I am sometimes able to take control of my computer and get online searching for real answers brings me here: Please help if you can, please and thanks.!!!! I think I found the set of virii which attacked Toledo Police....
FF - ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\rg46nemv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=adknlg&q=
FF - user.js: extensions.funmoods_i.id - 1e4d892f00000000000016de2bee20bf
FF - user.js: extensions.funmoods_i.instlDay - 15388
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1621:20:59
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NAVx64\1305000.091\SYMDS64.SYS --> C:\windows\system32\drivers\NAVx64\1305000.091\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NAVx64\1305000.091\SYMEFA64.SYS --> C:\windows\system32\drivers\NAVx64\1305000.091\SYMEFA64.SYS [?]
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-15 1157240]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\windows\system32\drivers\MCLIENTx64\0201000.00C\ccSetx64.sys --> C:\windows\system32\drivers\MCLIENTx64\0201000.00C\ccSetx64.sys [?]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\windows\system32\drivers\NAVx64\1305000.091\ccSetx64.sys --> C:\windows\system32\drivers\NAVx64\1305000.091\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120225.004\IDSviA64.sys [2012-2-28 488568]
R1 kl2;kl2;C:\windows\system32\DRIVERS\kl2.sys --> C:\windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NAVx64\1305000.091\Ironx64.SYS --> C:\windows\system32\drivers\NAVx64\1305000.091\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NAVx64\1305000.091\SYMNETS.SYS --> C:\windows\system32\Drivers\NAVx64\1305000.091\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-24 44768]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 ElephantDrive-MappedDrive.exe;ElephantDrive-MappedDrive;C:\Program Files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-MappedDrive.exe [2011-5-13 118968]
R2 iprip;RIP Listener;C:\windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\2.1.0.12\ccSvcHst.exe [2012-2-28 138232]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccsvchst.exe [2012-2-27 138248]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-26 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-26 138360]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vm2uvcflt;Vimicro USB Camera Filter 2;C:\windows\system32\Drivers\vm2uvcflt.sys --> C:\windows\system32\Drivers\vm2uvcflt.sys [?]
R3 vm332avs;Lenovo Camera2;C:\windows\system32\Drivers\vm332avs.sys --> C:\windows\system32\Drivers\vm332avs.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-26 136176]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-26 13592]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S3 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S3 ElephantDrive-Service.exe;ElephantDrive-Service;C:\Program Files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-Service.exe [2011-5-13 118456]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-26 136176]
S3 McAWFwk;McAfee Activation Service;c:\PROGRA~1\mcafee\msc\mcawfwk.exe --> c:\PROGRA~1\mcafee\msc\mcawfwk.exe [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011-11-26 332272]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\windows\system32\Drivers\PCAMp50a64.sys --> C:\windows\system32\Drivers\PCAMp50a64.sys [?]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\windows\system32\Drivers\PCASp50a64.sys --> C:\windows\system32\Drivers\PCASp50a64.sys [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SWDUMon;SWDUMon;C:\windows\system32\DRIVERS\SWDUMon.sys --> C:\windows\system32\DRIVERS\SWDUMon.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 Webcam Corp. Service Starter;Webcam Corp. Service Starter;C:\Program Files (x86)\Webcam\Webcam123\dogsvc.exe [2007-12-5 189440]
S3 WefiEngSvc;WeFi Engine Service;C:\Program Files (x86)\WeFi\WefiEngSvc.exe [2010-11-3 120152]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-29 07:03:05 218232 ----a-r- C:\windows\System32\drivers\NSMx64\0203000.011\symrdrs.sys
2012-02-29 07:03:04 -------- d-----w- C:\windows\System32\drivers\NSMx64\0203000.011
2012-02-29 07:03:04 -------- d-----w- C:\windows\System32\drivers\NSMx64
2012-02-29 07:03:01 167048 ----a-r- C:\windows\System32\drivers\NOFx64\0203000.007\ccSetx64.sys
2012-02-29 07:03:00 -------- d-----w- C:\windows\System32\drivers\NOFx64\0203000.007
2012-02-29 07:03:00 -------- d-----w- C:\windows\System32\drivers\NOFx64
2012-02-29 06:56:11 167048 ----a-r- C:\windows\System32\drivers\MCLIENTx64\0201000.00C\ccSetx64.sys
2012-02-29 06:56:09 -------- d-----w- C:\windows\System32\drivers\MCLIENTx64\0201000.00C
2012-02-29 06:56:09 -------- d-----w- C:\windows\System32\drivers\MCLIENTx64
2012-02-29 06:56:09 -------- d-----w- C:\Program Files (x86)\Norton Management
2012-02-28 05:11:05 738936 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\srtsp64.sys
2012-02-28 05:11:05 451192 ----a-r- C:\windows\System32\drivers\NAVx64\1305000.091\symds64.sys
2012-02-28 05:11:05 405624 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\symnets.sys
2012-02-28 05:11:05 37496 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\srtspx64.sys
2012-02-28 05:11:05 190072 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\ironx64.sys
2012-02-28 05:11:05 167048 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\ccsetx64.sys
2012-02-28 05:11:05 1092728 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\symefa64.sys
2012-02-28 05:10:51 -------- d-----w- C:\windows\System32\drivers\NAVx64\1305000.091
2012-02-26 17:14:51 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-02-26 17:14:51 -------- d-----w- C:\Program Files\Symantec
2012-02-26 17:14:51 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-02-26 17:14:13 -------- d-----w- C:\windows\System32\drivers\NAVx64
2012-02-26 17:14:10 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
2012-02-26 13:28:06 -------- d-----w- C:\ProgramData\Vocaboly
2012-02-26 13:27:56 626688 ----a-w- C:\windows\SysWow64\msvcr80.dll
2012-02-26 13:27:56 548864 ----a-w- C:\windows\SysWow64\msvcp80.dll
2012-02-26 13:27:56 1093632 ----a-w- C:\windows\SysWow64\mfc80.dll
2012-02-26 06:46:22 77312 ----a-w- C:\windows\SysWow64\ztvunace26.dll
2012-02-26 06:46:22 75264 ----a-w- C:\windows\SysWow64\unacev2.dll
2012-02-26 06:46:22 69632 ----a-w- C:\windows\SysWow64\ztvcabinet.dll
2012-02-26 06:46:22 162304 ----a-w- C:\windows\SysWow64\ztvunrar36.dll
2012-02-26 06:46:22 153088 ----a-w- C:\windows\SysWow64\UNRAR3.dll
2012-02-24 14:46:17 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E63701F-F31C-489B-BF90-79B0EE9372FD}\mpengine.dll
2012-02-24 13:44:35 53080 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2012-02-24 13:44:32 817496 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2012-02-24 13:44:32 69976 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2012-02-24 13:44:03 41184 ----a-w- C:\windows\avastSS.scr
2012-02-24 13:41:12 -------- d-----w- C:\ProgramData\AVAST Software
2012-02-24 13:41:12 -------- d-----w- C:\Program Files\AVAST Software
2012-02-23 08:10:48 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-02-23 08:10:48 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-02-21 18:15:03 -------- d-----w- C:\Users\Richard\AppData\Roaming\GlarySoft
2012-02-21 06:38:12 199168 ------w- C:\windows\SysWow64\actskin4ku.ocx
2012-02-21 06:38:10 67632 ------w- C:\windows\SysWow64\mswinsckku.ocx
2012-02-21 06:38:10 11264 ------w- C:\windows\SysWow64\browser.ocx
2012-02-21 06:38:07 -------- d-----w- C:\Program Files (x86)\Super Speed Internet
2012-02-21 06:37:38 -------- d-----w- C:\Program Files (x86)\Common Files\SY Company
2012-02-21 06:37:22 -------- d-----w- C:\temp
2012-02-21 06:32:46 -------- d-----w- C:\Program Files (x86)\Badosoft
2012-02-21 05:55:20 -------- d-----w- C:\Program Files (x86)\SySpeed
2012-02-21 04:05:24 557848 ----a-w- C:\windows\System32\drivers\iaStor.sys
2012-02-20 15:54:28 -------- d-----w- C:\Users\Richard\AppData\Roaming\Simply Super Software
2012-02-20 15:54:28 -------- d-----w- C:\ProgramData\Simply Super Software
2012-02-20 15:54:28 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-02-20 15:22:18 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-02-20 14:40:43 -------- d-----w- C:\Users\Richard\AppData\Local\CrashDumps
2012-02-20 03:01:25 -------- d-----w- C:\AutoMacroRecorder
2012-02-20 00:29:33 -------- d-----r- C:\Program Files (x86)\Skype
2012-02-19 23:30:03 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-02-19 22:35:08 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-02-19 22:17:44 -------- d-----w- C:\Users\Richard\AppData\Roaming\SpeedMaxPc
2012-02-19 22:17:44 -------- d-----w- C:\Users\Richard\AppData\Roaming\DriverCure
2012-02-19 22:17:16 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedMaxPc
2012-02-19 22:17:15 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-02-19 22:17:15 -------- d-----w- C:\Program Files (x86)\SpeedMaxPc
2012-02-19 13:37:48 -------- d-----w- C:\c
2012-02-19 04:48:31 -------- d-----w- C:\rei
2012-02-19 04:48:23 -------- d-----w- C:\Program Files\Reimage
2012-02-19 04:48:15 -------- d-----w- C:\Program Files (x86)\ReImageCompanion
2012-02-19 04:28:15 -------- d-----w- C:\Users\Richard\AppData\Roaming\Malwarebytes
2012-02-19 04:01:11 -------- d--h--w- C:\ProgramData\Common Files
2012-02-19 03:56:35 -------- d-----w- C:\ProgramData\MFAData
2012-02-18 14:42:53 28672 ----a-w- C:\windows\SysWow64\vbWebDownload.dll
2012-02-18 14:42:53 1081616 ----a-w- C:\windows\SysWow64\mscomctl.ocx
2012-02-18 14:42:52 -------- d-----w- C:\Program Files (x86)\Wireless Wizard
2012-02-18 14:01:31 -------- d-----w- C:\ProgramData\WeFi
2012-02-18 14:00:13 -------- d-----w- C:\Program Files (x86)\WeFi
2012-02-18 13:14:15 -------- d-----w- C:\Program Files (x86)\NirSoft
2012-02-18 05:55:49 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-02-18 05:55:43 -------- d-----w- C:\Users\Richard\AppData\Local\APN
2012-02-18 05:46:31 -------- d-----w- C:\Program Files (x86)\Common Files\System-G
2012-02-18 05:46:29 -------- d-----w- C:\Program Files (x86)\Connection Keeper
2012-02-18 05:22:45 -------- d-----w- C:\Users\Richard\AppData\Local\DownloadManager
2012-02-18 05:22:43 -------- d-----w- C:\Program Files (x86)\Download Manager
2012-02-17 18:19:31 56496 ----a-w- C:\windows\SysWow64\wbhelp2.dll
2012-02-17 18:19:31 544768 ----a-w- C:\windows\SysWow64\wbocx.ocx
2012-02-17 18:19:31 4608 ----a-w- C:\windows\SysWow64\W95INF32.DLL
2012-02-17 18:19:31 33968 ----a-w- C:\windows\SysWow64\anim.dll
2012-02-17 18:19:31 258352 ----a-w- C:\windows\SysWow64\unicows.dll
2012-02-17 18:19:31 2272 ----a-w- C:\windows\SysWow64\W95INF16.DLL
2012-02-17 18:19:31 1706800 ----a-w- C:\windows\SysWow64\gdiplus.dll
2012-02-17 18:19:30 -------- d-----w- C:\Program Files (x86)\WinUtilities
2012-02-17 17:03:47 -------- d-----w- C:\Program Files (x86)\Glary Utilities
2012-02-17 05:23:27 -------- d-----w- C:\Users\Richard\AppData\Local\KSafe
2012-02-16 16:36:00 -------- d--h--w- C:\SafeRecycle
2012-02-16 16:32:54 -------- d-----w- C:\Users\Richard\AppData\Roaming\kingsoft
2012-02-16 16:28:16 -------- d-sh--w- C:\KRSHistory
2012-02-16 16:27:46 -------- d-sh--w- C:\ProgramData\KRSHistory
2012-02-16 16:27:46 -------- d-----w- C:\ProgramData\Safe
2012-02-16 16:26:46 -------- d-----w- C:\ProgramData\kingsoft
2012-02-16 16:26:31 -------- d-----w- C:\Program Files (x86)\Kingsoft
2012-02-16 04:38:05 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-02-16 04:38:05 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-02-16 04:29:26 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-02-16 04:29:26 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-02-16 04:05:45 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-02-16 02:07:58 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-02-16 02:07:36 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-02-16 02:07:36 634880 ----a-w- C:\windows\System32\msvcrt.dll
2012-02-15 22:30:09 -------- d-----w- C:\ProgramData\richardy Lab
2012-02-14 15:56:49 -------- d-----w- C:\Users\Richard\AppData\Local\{B87FEE52-0B37-44C7-B7BF-03FD22D334AE}
2012-02-14 03:38:44 -------- d-----w- C:\Users\Richard\files_files
2012-02-11 05:48:40 -------- d-----w- C:\Users\Richard\ftp
2012-02-11 04:15:14 -------- d-----w- C:\Users\Richard\AppData\Local\I Want This
2012-02-11 04:15:13 -------- d-----w- C:\Program Files (x86)\I Want This
2012-02-11 03:41:37 -------- d-----w- C:\Users\Richard\AppData\Roaming\ooVoo Details
2012-02-09 19:21:46 -------- d-----w- C:\Users\Richard\AppData\Local\jZip
2012-02-09 19:20:29 -------- d-----w- C:\Program Files (x86)\jZip
2012-02-09 16:12:06 -------- d-----w- C:\Users\Richard\AppData\Local\Microsoft Help
2012-02-09 14:13:37 -------- d-----w- C:\Users\Richard\AppData\Roaming\FinalTorrent
2012-02-09 14:12:24 -------- d-----w- C:\Program Files (x86)\FinalTorrent
2012-02-09 05:21:42 -------- d-----w- C:\Users\Richard\AppData\Local\DeskShare Data
2012-02-09 05:21:40 -------- d-----w- C:\ProgramData\firebird
2012-02-09 05:21:34 -------- d-----w- C:\Users\Richard\AppData\Local\Spoon
2012-02-09 05:21:31 -------- d-----w- C:\Program Files (x86)\Deskshare
2012-02-09 05:19:10 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-02-08 01:50:15 -------- d-----w- C:\Fraps
2012-02-06 14:19:31 -------- d-----w- C:\Users\Richard\AppData\Roaming\qualys
2012-02-01 17:47:57 -------- d-----w- C:\Users\Richard\AppData\Local\MediaServer
2012-02-01 17:47:55 -------- d-----w- C:\ProgramData\PDVD
2012-02-01 17:44:59 -------- d-----w- C:\ProgramData\install_clap
2012-01-31 19:44:06 -------- d-----w- C:\Program Files (x86)\DictionaryBoss
2012-01-31 06:05:20 -------- d-s---w- C:\windows\SysWow64\Microsoft
2012-01-30 16:15:21 -------- d-----w- C:\windows\SysWow64\BestPractices
2012-01-30 16:15:18 -------- d-----w- C:\windows\System32\BestPractices
2012-01-30 16:15:17 -------- d-----w- C:\inetpub
2012-01-30 16:07:22 0 ---ha-w- C:\Users\Richard\AppData\Local\BITCA62.tmp
.
==================== Find3M ====================
.
2012-02-21 05:52:13 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-20 02:24:00 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-01-29 13:10:42 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-01-27 02:45:08 15672 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2012-01-19 03:11:11 0 ----a-w- C:\windows\SysWow64\sho3894.tmp
2012-01-13 06:58:07 0 ----a-w- C:\windows\SysWow64\sho478F.tmp
2012-01-12 23:01:55 0 ----a-w- C:\windows\SysWow64\sho55DC.tmp
2011-12-14 07:11:03 2308096 ----a-w- C:\windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 23:03:46.15 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2012 2:02:14 PM
System Uptime: 2/28/2012 7:05:11 PM (4 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Intel® Pentium® CPU B960 @ 2.20GHz | CPU1 | 2200/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 422 GiB total, 365.584 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 26.818 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP92: 2/24/2012 5:40:55 AM - avast! Free Antivirus Setup
RP93: 2/24/2012 5:43:44 AM - avast! Free Antivirus Setup
RP94: 2/24/2012 1:56:37 PM - Windows Update
RP95: 2/24/2012 7:44:49 PM - Installed TuneUp Utilities 2012
RP96: 2/24/2012 8:43:14 PM - Removed TuneUp Utilities 2012
RP97: 2/24/2012 8:43:46 PM - Removed TuneUp Utilities Language Pack (en-US)
RP98: 2/25/2012 8:10:22 PM - Restore Operation
RP99: 2/26/2012 7:00:52 PM - Windows Backup
RP100: 2/27/2012 1:28:08 PM - OTL Restore Point - 2/27/2012 1:28:05 PM
RP101: 2/27/2012 1:28:39 PM - OTL Restore Point - 2/27/2012 1:28:39 PM
RP102: 2/28/2012 5:44:13 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe AIR Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) Ask Toolbar Atheros Client Installation Program Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver avast! Free Antivirus Connection Keeper Connection Monitor Connectivity Fixer Download Manager DriverUpdate ElephantDrive Desktop Energy Management Glary Utilities 2.42.0.1389 Google Chrome Google Update Helper InstallIQ Updater Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Itibiti RTC Java Auto Updater Java 6 Update 31 Junk Mail filter update Kaspersky Anti-Virus 2012 Knctr Lenovo Driver Download Manager Lenovo EasyCamera Lenovo Games Console Lenovo OneKey Recovery Lenovo YouCam Mesh Runtime Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 10.0.2 (x86 en-US) Mozilla Thunderbird 10.0.2 (x86 en-US) MSRedx64 MSVCRT MSVCRT_amd64 NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111 NirSoft WirelessNetView Norton AntiVirus Norton Management Norton Online Norton Safety Minder ooVoo ooVoo toolbar, powered by Ask.com Updater Pando Media Booster Power Tab Editor 1.7 Power2Go Realtek USB 2.0 Reader Driver ReImageCompanion Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) SendSpace Wizard Skype™ 5.8 Star Trek Online Super Speed Internet & Browser Assistant SySpeed TransferBigFiles Desktop Client Trojan Remover 6.8.2 TuneUp Utilities Language Pack (en-US) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) UserGuide Webcam 1-2-3 WeFi 4.0.1.0 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series WinUtilities 10.41 Professional Edition Wireless Wizard ver 5.2
.
==== Event Viewer Messages From Past Week ========
.
2/28/2012 7:09:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.
2/28/2012 7:09:34 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/28/2012 7:09:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/28/2012 7:08:07 PM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
2/28/2012 7:05:44 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
2/28/2012 5:54:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect.
2/28/2012 5:54:35 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/28/2012 5:54:35 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007041d'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
2/28/2012 5:44:46 PM, Error: Service Control Manager [7034] - The ElephantDrive-MappedDrive service terminated unexpectedly. It has done this 1 time(s).
2/27/2012 9:51:42 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/27/2012 9:51:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/27/2012 9:51:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/27/2012 9:51:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/27/2012 9:51:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/27/2012 9:51:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/27/2012 9:51:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/27/2012 9:40:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx64 BPntDrv ccSet_NAV DfsC discache eeCtrl IDSVia64 kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2012 9:36:08 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JOSE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{73B8F4AE-6469-4024-9029-8469BCCB146F}. The master browser is stopping or an election is being forced.
2/27/2012 6:17:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
2/27/2012 6:17:17 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/26/2012 9:03:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV SymIRON SymNetS
2/26/2012 5:04:57 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
2/26/2012 3:31:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
2/26/2012 12:11:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
2/26/2012 12:11:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
2/26/2012 12:10:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.
2/25/2012 8:58:17 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 2/25/2012 8:39:09 PM, Error: IPRIP [29053] - IPRIP could not join the multicast group 224.0.0.9 on the local interface with IP address 169.254.228.96. The data is the error code. 2/25/2012 8:39:09 PM, Error: IPRIP [29052] - IPRIP could not request multicasting on the local interface with IP address 169.254.228.96. The data is the error code. 2/25/2012 8:22:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 2/25/2012 8:19:35 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully.. 2/23/2012 12:09:21 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s). 2/23/2012 11:25:08 AM, Error: IPRIP [29053] - IPRIP could not join the multicast group 224.0.0.9 on the local interface with IP address 192.168.1.113. The data is the error code. 2/22/2012 3:18:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV KLIM6 SymIRON SymNetS 2/21/2012 11:40:43 AM, Error: Microsoft Antimalware [3002] - 2/21/2012 10:21:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV KLIM6 SymIRON 2/21/2012 1:37:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 BPntDrv ccSet_NAV DfsC discache eeCtrl IDSVia64 KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf . 
==== End Of File ===========================

From RichJacoby, additional info: I have a set of png's from various screen captures of different warnings etc., such as NPFS32.dll is infected; Norton:trojan.adh.2 has been removed...

On my first run of Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Richard :: FRED [administrator]

Protection: Enabled

2/18/2012 8:39:02 PM
mbam-log-2012-02-18 (20-39-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284132
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files (x86)\DictionaryBoss\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Users\Richard\Downloads\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\Users\Richard\Downloads\jenkatarcade.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Users\Richard\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\installKeys.js (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\LOGO.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\chrome\v4ffxtbr.jar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

(end)