Jump to content

Search the Community

Showing results for tags 'Google redirect'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 21 results

  1. Hi all, Just this morning I typed in "gmail" into my google chrome bar, and it changed it to "gmail/" and redirected me to a different, unusual search engine. I've searched other things in the google chrome bar, and none of these illicit the same response. Just "gmail". Malwarebytes (free) can't find it, nothing seems to be able to find it. I even tried looking for TDSS or other suspicious rootkits manually. Here is my FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01 Ran by B**** (administrator) on **deleted** on 01-06-2014 19:48:03Running from C:\Users\B****\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(Spotify Ltd) C:\Users\Barbara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe(Dropbox, Inc.) C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe(Microsoft Corporation) C:\Windows\regedit.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google) C:\Users\Barbara\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-06-20] (Synaptics Incorporated)HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-06-20] (Renesas Electronics Corporation)HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exeHKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)HKLM-x32\...\Run: [standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-05-17] (Corel)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1HKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [Google Update] => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-02] (Google Inc.)HKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silentHKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [spotify Web Helper] => C:\Users\Barbara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-09] (Spotify Ltd)HKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)HKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [AdobeBridge] => [X]HKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)HKU\S-1-5-21-62187835-901079275-219626047-1000\...\MountPoints2: {5dd00ffe-1a4c-11e3-96a0-2c27d7af7769} - G:\HTC_Sync_Manager_PC.exeHKU\S-1-5-21-62187835-901079275-219626047-1000\...\MountPoints2: {f6e6cd79-c1b8-11e2-9944-2c27d7af7769} - G:\HTC_Sync_Manager_PC.exeStartup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - {A195C577-4E26-4327-AEA3-CE76B29C425C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7EB4E91B-1B7B-4DDB-B4D6-2F50D43ECEB5&q={searchTerms}&SSPV=SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No FileBHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No FileHandler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Barbara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Barbara\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Barbara\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Barbara\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Barbara\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Barbara\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Barbara\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) Chrome: =======CHR HomePage: hxxp://www.att.net/CHR StartupUrls: "hxxp://www.att.net/"CHR Plugin: (Shockwave Flash) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()CHR Plugin: (Apps Enhancements Plugin(By Google)) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.731.433.1_0\plugin/ace.dll No FileCHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No FileCHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Google Update) - C:\Users\Barbara\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No FileCHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Barbara\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)CHR Plugin: (Google Talk Plugin) - C:\Users\Barbara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Barbara\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No FileCHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Barbara\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)CHR Extension: (Chrome for a Cause) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbfammmagchhaohncbhghoohcfoeckdi [2011-07-03]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]CHR Extension: (YouTube) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-30]CHR Extension: (Google Search) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-30]CHR Extension: (Stylish) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2012-09-09]CHR Extension: (XKit) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2013-06-06]CHR Extension: (Hola Better Internet) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-07]CHR Extension: (Website Blocker (Beta)) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2013-04-27]CHR Extension: (Where to delete an account) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpofkfbabpbbmchmiekfnlcgaedbgcf [2013-08-28]CHR Extension: (Skype Click to Call) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-07-02]CHR Extension: (Hangouts) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-06-29]CHR Extension: (Cath Kidston) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm [2012-08-23]CHR Extension: (Google Wallet) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]CHR Extension: (SiteBlock) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2012-08-23]CHR Extension: (Send from Gmail (by Google)) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2012-10-22]CHR Extension: (Gmail) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-30]CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-07-01]CHR StartMenuInternet: Google Chrome - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] ()R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-08-29] (Symantec Corporation)R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) ==================== Drivers (Whitelisted) ==================== R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-05-30] (BitDefender)R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-15] (Anchorfree Inc.)R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]U3 ufloqkog; \??\C:\Users\Barbara\AppData\Local\Temp\ufloqkog.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-01 19:48 - 2014-06-01 19:48 - 00026247 _____ () C:\Users\Barbara\Downloads\FRST.txt2014-06-01 19:47 - 2014-06-01 19:48 - 00000000 ____D () C:\FRST2014-06-01 19:47 - 2014-06-01 19:47 - 02067456 _____ (Farbar) C:\Users\Barbara\Downloads\FRST64.exe2014-06-01 19:14 - 2014-06-01 19:14 - 00380416 _____ () C:\Users\Barbara\Downloads\2x1q3i1y.exe2014-06-01 18:15 - 2014-06-01 18:15 - 00000000 ____D () C:\Windows\pss2014-06-01 17:51 - 2014-06-01 17:53 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Barbara\Downloads\iExplorer.exe.exe2014-06-01 17:43 - 2014-06-01 17:43 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-01 17:41 - 2014-06-01 17:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Barbara\Downloads\mbam-setup-2.0.2.1012.exe2014-06-01 17:24 - 2014-06-01 18:23 - 00000112 _____ () C:\Windows\setupact.log2014-06-01 17:24 - 2014-06-01 17:24 - 00000000 _____ () C:\Windows\setuperr.log2014-06-01 17:08 - 2014-06-01 18:27 - 00049830 _____ () C:\Windows\WindowsUpdate.log2014-06-01 16:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-06-01 16:58 - 2014-06-01 17:02 - 00000000 ____D () C:\AdwCleaner2014-06-01 16:58 - 2014-06-01 16:58 - 01327971 _____ () C:\Users\Barbara\Downloads\AdwCleaner.exe2014-06-01 16:35 - 2014-06-01 16:35 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Barbara\Downloads\iExplore.exe2014-06-01 16:34 - 2014-06-01 16:34 - 00678768 _____ ( ) C:\Users\Barbara\Downloads\ZipSetup.exe2014-05-30 22:17 - 2014-05-30 22:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys2014-05-28 02:52 - 2014-05-28 02:52 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader2014-05-22 12:51 - 2014-05-23 21:36 - 00000000 ____D () C:\Users\Barbara\Documents\The Shattered Medallion2014-05-21 15:16 - 2014-05-21 15:16 - 00000055 _____ () C:\Users\Barbara\Desktop\xmas 2014.txt2014-05-11 22:44 - 2014-05-11 22:44 - 02852352 _____ () C:\Users\Barbara\Downloads\katiescellcyclepresentation.ppt2014-05-11 22:23 - 2014-05-11 22:23 - 09714578 _____ () C:\Users\Barbara\Downloads\Exam 3 study slide set B.pptx2014-05-11 22:16 - 2014-05-11 22:17 - 10750209 _____ () C:\Users\Barbara\Downloads\exam 4 study slide set A (1).pptx2014-05-11 21:42 - 2014-05-11 21:43 - 13560576 _____ () C:\Users\Barbara\Downloads\cell cycle and apop with notes.pptx2014-05-11 21:42 - 2014-05-11 21:42 - 07866880 _____ () C:\Users\Barbara\Downloads\Exam 4 study slide set C (1).ppt2014-05-11 20:24 - 2014-05-11 20:24 - 07866880 _____ () C:\Users\Barbara\Downloads\Exam 4 study slide set C.ppt2014-05-11 20:05 - 2014-05-11 20:05 - 05279744 _____ () C:\Users\Barbara\Downloads\Exam 4 slide set B.ppt2014-05-11 17:53 - 2014-05-11 17:53 - 10750209 _____ () C:\Users\Barbara\Downloads\exam 4 study slide set A.pptx2014-05-06 22:23 - 2014-06-01 18:25 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\DropboxMaster ==================== One Month Modified Files and Folders ======= 2014-06-01 19:49 - 2011-07-02 02:34 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Temp2014-06-01 19:48 - 2014-06-01 19:48 - 00026247 _____ () C:\Users\Barbara\Downloads\FRST.txt2014-06-01 19:48 - 2014-06-01 19:47 - 00000000 ____D () C:\FRST2014-06-01 19:47 - 2014-06-01 19:47 - 02067456 _____ (Farbar) C:\Users\Barbara\Downloads\FRST64.exe2014-06-01 19:22 - 2011-07-02 02:45 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000UA.job2014-06-01 19:14 - 2014-06-01 19:14 - 00380416 _____ () C:\Users\Barbara\Downloads\2x1q3i1y.exe2014-06-01 18:31 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-01 18:31 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-01 18:27 - 2014-06-01 17:08 - 00049830 _____ () C:\Windows\WindowsUpdate.log2014-06-01 18:25 - 2014-05-06 22:23 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\DropboxMaster2014-06-01 18:25 - 2014-04-17 01:20 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Htc2014-06-01 18:25 - 2011-11-02 22:37 - 00000000 ___RD () C:\Users\Barbara\Dropbox2014-06-01 18:25 - 2011-11-02 22:36 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Dropbox2014-06-01 18:23 - 2014-06-01 17:24 - 00000112 _____ () C:\Windows\setupact.log2014-06-01 18:23 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-06-01 18:15 - 2014-06-01 18:15 - 00000000 ____D () C:\Windows\pss2014-06-01 17:53 - 2014-06-01 17:51 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Barbara\Downloads\iExplorer.exe.exe2014-06-01 17:44 - 2014-04-14 00:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-01 17:43 - 2014-06-01 17:43 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-01 17:43 - 2014-04-14 00:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-01 17:42 - 2014-06-01 17:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Barbara\Downloads\mbam-setup-2.0.2.1012.exe2014-06-01 17:24 - 2014-06-01 17:24 - 00000000 _____ () C:\Windows\setuperr.log2014-06-01 17:05 - 2013-11-26 14:27 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForBarbara.job2014-06-01 17:02 - 2014-06-01 16:58 - 00000000 ____D () C:\AdwCleaner2014-06-01 16:58 - 2014-06-01 16:58 - 01327971 _____ () C:\Users\Barbara\Downloads\AdwCleaner.exe2014-06-01 16:35 - 2014-06-01 16:35 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Barbara\Downloads\iExplore.exe2014-06-01 16:34 - 2014-06-01 16:34 - 00678768 _____ ( ) C:\Users\Barbara\Downloads\ZipSetup.exe2014-06-01 16:11 - 2013-11-26 14:27 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBarbara2014-06-01 16:10 - 2012-04-22 18:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-06-01 16:10 - 2011-07-03 16:40 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-06-01 00:12 - 2009-07-14 01:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI2014-05-31 23:11 - 2011-07-02 02:39 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0ADAF099-8859-4AA8-BC6C-768B072FE125}2014-05-31 17:22 - 2011-07-02 02:45 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000Core.job2014-05-31 03:22 - 2011-07-02 03:09 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Skype2014-05-30 22:17 - 2014-05-30 22:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys2014-05-30 16:15 - 2013-07-11 02:22 - 00001456 _____ () C:\Users\Barbara\AppData\Local\Adobe Save for Web 13.0 Prefs2014-05-28 20:17 - 2013-08-03 23:13 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Flvto Youtube Downloader2014-05-28 03:20 - 2013-08-03 23:14 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\FlvtoConverter2014-05-28 02:52 - 2014-05-28 02:52 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader2014-05-28 02:36 - 2013-07-28 00:34 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Audacity2014-05-26 03:15 - 2012-02-09 20:08 - 00000000 ____D () C:\Windows\Minidump2014-05-25 00:35 - 2011-11-02 22:36 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-05-25 00:35 - 2011-07-02 02:39 - 00000000 ___RD () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-23 21:36 - 2014-05-22 12:51 - 00000000 ____D () C:\Users\Barbara\Documents\The Shattered Medallion2014-05-22 19:39 - 2011-07-02 02:46 - 00002376 _____ () C:\Users\Barbara\Desktop\Google Chrome.lnk2014-05-22 12:32 - 2012-12-26 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Her Interactive2014-05-22 12:32 - 2012-12-26 00:28 - 00000000 ____D () C:\Program Files (x86)\Her Interactive2014-05-21 17:23 - 2012-11-05 10:29 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Mozilla2014-05-21 15:16 - 2014-05-21 15:16 - 00000055 _____ () C:\Users\Barbara\Desktop\xmas 2014.txt2014-05-21 13:22 - 2011-08-12 16:42 - 00000000 ____D () C:\Users\Barbara\AppData\Local\CrashDumps2014-05-19 02:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2014-05-12 07:26 - 2014-04-14 00:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-05-12 07:26 - 2014-04-14 00:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-12 07:25 - 2014-02-27 14:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-05-11 22:44 - 2014-05-11 22:44 - 02852352 _____ () C:\Users\Barbara\Downloads\katiescellcyclepresentation.ppt2014-05-11 22:23 - 2014-05-11 22:23 - 09714578 _____ () C:\Users\Barbara\Downloads\Exam 3 study slide set B.pptx2014-05-11 22:17 - 2014-05-11 22:16 - 10750209 _____ () C:\Users\Barbara\Downloads\exam 4 study slide set A (1).pptx2014-05-11 21:43 - 2014-05-11 21:42 - 13560576 _____ () C:\Users\Barbara\Downloads\cell cycle and apop with notes.pptx2014-05-11 21:42 - 2014-05-11 21:42 - 07866880 _____ () C:\Users\Barbara\Downloads\Exam 4 study slide set C (1).ppt2014-05-11 20:24 - 2014-05-11 20:24 - 07866880 _____ () C:\Users\Barbara\Downloads\Exam 4 study slide set C.ppt2014-05-11 20:05 - 2014-05-11 20:05 - 05279744 _____ () C:\Users\Barbara\Downloads\Exam 4 slide set B.ppt2014-05-11 17:53 - 2014-05-11 17:53 - 10750209 _____ () C:\Users\Barbara\Downloads\exam 4 study slide set A.pptx2014-05-11 17:17 - 2011-07-02 02:45 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000UA2014-05-11 17:17 - 2011-07-02 02:45 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000Core Some content of TEMP:====================C:\Users\Barbara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpumop6y.dllC:\Users\Barbara\AppData\Local\Temp\ICReinstall_ZipSetup.exeC:\Users\Barbara\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-14 17:36 ==================== End Of Log ============================ Here is the Additional: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01Ran by Barbara at 2014-06-01 19:49:30Running from C:\Users\B*****\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09} ==================== Installed Programs ====================== Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) HiddenAdobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated)Adobe Help Center 2.1 (x32 Version: 2.1 - Adobe Systems) HiddenAdobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)Adobe Photoshop Elements 5.0 (x32 Version: 5.0 - Adobe Systems Inc.) HiddenAdobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) HiddenAmazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) HiddenBBC iPlayer Downloads (HKLM-x32\...\{476A047B-BDA1-4B37-BB40-0710C7E9EB61}) (Version: 1.4.1 - BBC)Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenBejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) HiddenBing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenBlasterball 3 (x32 Version: 2.2.0.95 - WildTangent) HiddenBlio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) HiddenBuild-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenCake Mania (x32 Version: 2.2.0.95 - WildTangent) HiddenCCleaner (HKLM\...\CCleaner) (Version: 3.09 - Piriform)Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenContentHD (x32 Version: 1.00.0002 - Corel Corporation) HiddenContents (x32 Version: 1.6.2.36 - Corel Corporation) HiddenCorel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.2.36 - Corel Corporation)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)CyberLink YouCam (x32 Version: 3.5.1.3908 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A606DAFB-9991-4C9F-9348-E04B5237DEB9}) (Version: - Microsoft)DeviceIO (x32 Version: 1.6.2.36 - Corel Corporation) HiddenDiner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) HiddenDora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) HiddenDropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) HiddenFATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) HiddenFlvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.3.6 - Hotger)Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) HiddenHP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) HiddenHP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) HiddenHP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{860B418B-F90B-465A-BC1D-04B518045C72}) (Version: 22.50.231.0 - Hewlett-Packard Co.)HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) HiddenHP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)HTC Sync (HKLM-x32\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)ICA (x32 Version: 1.6.2.36 - Corel Corporation) HiddenIDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT)Intel PROSet Wireless (Version: - ) HiddenIntel PROSet Wireless (x32 Version: - ) HiddenIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )Intel® Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) HiddenIPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)iTunes (HKLM\...\{BCF07271-A853-4D3A-B668-4B752174CAA8}) (Version: 10.3.1.55 - Apple Inc.)Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) HiddenJavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) HiddenMicrosoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) HiddenMLE (x32 Version: 1.0.0.23 - Corel Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) HiddenNamco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) HiddenNancy Drew: Ghost of Thornton Hall (HKLM-x32\...\{93C2CDF6-6072-4EF7-8F19-B601E92C9795}) (Version: 8.0.0.30162 - Her Interactive, Inc.)Nancy Drew: The Deadly Device (HKLM-x32\...\{BCD434CF-447A-42A8-A4C3-D929fE776EFD}) (Version: 8.0.0.30162 - Her Interactive, Inc.)Nancy Drew: The Shattered Medallion (HKLM-x32\...\{7AD29F31-9DFD-43A4-8172-92F7F1CDB21A}) (Version: 8.0.0.30162 - Her Interactive, Inc.)Nancy Drew: The Silent Spy (HKLM-x32\...\{35B438BB-E18B-4FD9-8D56-50BA90C11A71}) (Version: 8.0.0.30162 - Her Interactive, Inc.)Nancy Drew: Tomb of the Lost Queen (HKLM-x32\...\{9850BE9B-BC00-437F-B229-1F982D8CA2BF}) (Version: 8.0.0.30162 - Her Interactive, Inc.)Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.4.27.0 - NortonLive Services)Origin (HKLM-x32\...\Origin) (Version: 8.2.1.458 - Electronic Arts, Inc.)PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) HiddenPenguins! (x32 Version: 2.2.0.95 - WildTangent) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) HiddenPlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.95 - WildTangent) HiddenPureHD (x32 Version: 1.6.2.36 - Corel Corporation) HiddenQuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) HiddenRenesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) HiddenRoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)Setup (x32 Version: 1.6.2.36 - Corel Corporation) HiddenShare (x32 Version: 1.6.2.36 - Corel Corporation) HiddenShare64 (Version: 1.6.2.36 - Corel Corporation) HiddenSkype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.7896 - Skype Technologies S.A.)Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) HiddenSmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) HiddenSmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) HiddenSpotify (HKCU\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)Synctunes Desktop (HKLM-x32\...\{48C16095-BE15-48C7-9F13-FF2242587AEB}) (Version: 1.1.2 - The Bit Studio)The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C06ABC7E-8923-4BB1-A7A2-197F5A3E0973}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{06ABCB4E-77D8-4420-B2EA-EF51558DBFD1}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{06ABCB4E-77D8-4420-B2EA-EF51558DBFD1}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38990592-F6A1-4A26-96C7-0600E36AE794}) (Version: - Microsoft)Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenValidity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)VIO (x32 Version: 1.6.2.36 - Corel Corporation) HiddenVirtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) HiddenVSClassic (x32 Version: 1.6.2.36 - Corel Corporation) HiddenVSPro (x32 Version: 1.6.2.36 - Corel Corporation) HiddenWheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenWildTangent Games App (HP Games) (x32 Version: 4.0.5.31 - WildTangent) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) HiddenZuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Restore Points ========================= 22-02-2014 04:56:27 Windows Update25-02-2014 19:09:57 Removed Microsoft Security Client17-04-2014 04:05:34 Installed Asoftech Data Recovery17-04-2014 05:19:15 Installed HTC Sync.22-05-2014 16:31:04 Installed Nancy Drew: The Shattered Medallion ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0EDBC0C7-443F-4E15-B85A-EF6EA324AB54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000UA => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02] (Google Inc.)Task: {2A064A68-FE96-403C-BF0C-1690FF52E82E} - System32\Tasks\hpwebreg_CN1573D5GV05HX => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-11-16] (Hewlett-Packard Co.)Task: {3121CAA5-5FF7-4353-B38F-55D1238F3C3E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {36117B9B-7D3C-4A88-9CD9-61ED01DCECCB} - System32\Tasks\{551E7B5C-33E8-4734-8C75-4B653422D609} => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exeTask: {46EFB781-5E9B-4C28-9616-0059FF73C93F} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)Task: {4B5F041D-2D59-4F4E-9D31-30E253AED09A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {55AF6FCB-3218-436A-908B-E48F0B7C5B5C} - System32\Tasks\{B6D2DE9B-C363-46E3-B229-01829EB74E1E} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)Task: {5E5E6AF1-D61C-4004-882F-5A8DA6826CF2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-62187835-901079275-219626047-1000Task: {63F2DA8E-3BE1-4AA1-8D00-A325784A5911} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {6D333045-DBF2-48D0-96CF-1C295085B8D7} - System32\Tasks\HPCeeScheduleForBarbara => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)Task: {6E42BF49-1D54-4029-8902-5700DE05EFA7} - System32\Tasks\{3A16B48E-ACA8-43D7-BDC3-F58EBBDC953E} => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exeTask: {7211BB8F-E01C-424B-B492-3E8EB3426836} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()Task: {765BFC67-19D8-479E-B2C2-829177C8858C} - System32\Tasks\{1AE01EC4-C95C-47E9-B379-5826B429B646} => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exeTask: {7ABBBB2D-B596-49E8-BA1D-6A55EA14EAD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-05-27] (Microsoft)Task: {80FC50FE-EBF3-4D99-BF00-1E43CDC60532} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)Task: {B24E1BFC-8E4B-47A0-8580-B165DC8EED2C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)Task: {D9EE2D56-05D5-4B86-A76E-3A5DD5218C1B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)Task: {DB8FBF68-F383-464E-AFFF-F8E813BE4D2D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000Core => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02] (Google Inc.)Task: {E23C2C55-BB6B-4371-ADCA-509B79BA8010} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000Core.job => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000UA.job => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForBarbara.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeTask: C:\Windows\Tasks\hpwebreg_CN1573D5GV05HX.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-25 15:27 - 2013-03-19 13:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll2014-02-25 15:27 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe2011-06-21 23:09 - 2011-01-27 12:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00651264 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe2010-06-24 05:21 - 2010-06-24 05:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll2014-06-01 18:25 - 2014-06-01 18:25 - 00043008 _____ () c:\users\barbara\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpumop6y.dll2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Barbara\AppData\Roaming\Dropbox\bin\libcef.dll2011-05-26 16:42 - 2011-05-26 16:42 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00103936 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00389120 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00151552 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll2012-04-17 15:05 - 2012-04-17 15:05 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll2013-06-20 22:54 - 2013-06-20 22:54 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3207ec5d29347a1f980dc373d64236c9\IsdiInterop.ni.dll2011-06-21 23:09 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2010-06-24 05:19 - 2010-06-24 05:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll2014-05-22 19:39 - 2014-05-13 19:40 - 00716616 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll2014-05-22 19:39 - 2014-05-13 19:40 - 00126280 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll2014-05-22 19:39 - 2014-05-13 19:40 - 04217672 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll2014-05-22 19:39 - 2014-05-13 19:40 - 00414536 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll2014-05-22 19:39 - 2014-05-13 19:40 - 01732424 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll2014-05-18 19:18 - 1980-01-01 01:00 - 00181760 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.507.433.1_0\plugin\ace.dll2014-05-22 19:39 - 2014-05-13 19:40 - 13695816 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Barbara\Downloads\2x1q3i1y.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\adr.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\AdwCleaner.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\FRST64.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\FYDLoad.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\iExplore.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\iExplorer.exe.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\mbam-setup-2.0.2.1012.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\ZipSetup.exe:BDU ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (06/01/2014 06:24:08 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:25:03 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:15:35 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 03:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 00:06:43 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/31/2014 04:42:46 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 10:09:19 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 00:19:53 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2014 06:36:55 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (06/01/2014 06:58:43 PM) (Source: BROWSER) (EventID: 8032) (User: )Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5F688659-9F42-4AD9-9BD7-5519E05A25CF}.The backup browser is stopping. Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Microsoft Office Sessions:=========================Error: (06/01/2014 06:24:08 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:25:03 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:15:35 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 03:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 00:06:43 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/31/2014 04:42:46 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 10:09:19 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 00:19:53 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2014 06:36:55 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 68%Total physical RAM: 4043.86 MBAvailable physical RAM: 1288.26 MBTotal Pagefile: 8085.91 MBAvailable Pagefile: 4623.39 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:451.2 GB) (Free:303.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (RECOVERY) (Fixed) (Total:14.27 GB) (Free:1.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1A3F0DFB)Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================
  2. Hello, I hope you can help. I use Chrome as my default browser. I started noticing occasional "Serve.bannersdontwork" pop ups a week ago, but as of today I get a redirect every time I start Google in Chrome. Fortunately, for the time being at least, IE seems to be unaffected. I use MS Essentials all the time but when I notice any odd behaviour, as now, I rum MB Antimalware. Full scans of both come up clean. I did try running MB Anti-Rootkit beta - but it said "No Malware found". I have spotted Saffe saevue under the list of Chrome tools. I fire up DDS - it says it is going to generate the two log files - but then never does...
  3. Hello, I have been affected with the google redirect virus. When I google something and click on the link it takes me to a diffrent site. I was using firefox 12.2. Can you please assit me with this issue. Thank You
  4. I have run in installed version of Lavasoft AdAware as well as an online scan of Dr Web Cure-it, and I just ran the Malwarebytes scan (which found some trojans) to remove a nasty redirect infection in all my browsers (FF, IE, Chrome). The infection remains and all Google SERPs only redirect to ads. I have run DDS and the two logs are saved to my desktop. As per the "Attach" text file instructions, I am NOT including that report below until directed to do so. Below is the dds.txt report (personal info redacted). Can you please help? Thanks in advance! DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30 Run by XXXXXXX at 12:56:02 on 2013-02-16 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1269 [GMT -8:00] . AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C} FW: Lavasoft Ad-Aware *Disabled* . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\IFXTCS.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\msdtc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\WINDOWS\system32\IFXSPMGT.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE C:\WINDOWS\system32\locator.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office14\WINWORD.EXE C:\Documents and Settings\XXXXXXX\My Documents\Firefox\firefox.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k Cognizance C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mSearchAssistant = hxxp://www.google.com/ie dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - c:\program files\google\advertising cookie opt-out\opt_out.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1 mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoWelcomeScreen = dword:1 mPolicies-System: dontdisplaylastusername = dword:1 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe LSP: mswsock.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{C4DDE2AD-5686-4A76-8409-5A17E0593A11} : DHCPNameServer = 209.18.47.61 209.18.47.62 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: IfxWlxEN - <no file> Notify: OneCard - <no file> SSODL: CDBurn - <orphaned> SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll LSA: Notification Packages = scecli AsWlnPkg mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\XXXXXX.laptop2\application data\mozilla\firefox\profiles\te4pn09h.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\documents and settings\XXXXXX.laptop2\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\XXXXXX\my documents\firefox\plugins\npdeployJava1.dll FF - plugin: c:\documents and settings\XXXXXX\my documents\firefox\plugins\npicaN.dll FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll FF - plugin: c:\windows\npMSDM.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll FF - ExtSQL: !HIDDEN! 2010-03-25 08:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-10-25 35488] R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-9-26 87936] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968] S0 aarmi;aarmi;c:\windows\system32\drivers\xtrf.sys --> c:\windows\system32\drivers\xtrf.sys [?] S1 MpKsldd393293;MpKsldd393293;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a641c263-a8b7-4a57-9ca5-b8b4cf5dd263}\mpksldd393293.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a641c263-a8b7-4a57-9ca5-b8b4cf5dd263}\MpKsldd393293.sys [?] S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?] S3 pflt;Shrew Soft Miniport Filter;c:\windows\system32\drivers\vfilter.sys --> c:\windows\system32\drivers\vfilter.sys [?] S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2011-2-28 9472] S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys --> c:\windows\system32\drivers\rcvpn.sys [?] S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-2-28 827488] S3 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-8-12 1213728] S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\drivers\virtualnet.sys --> c:\windows\system32\drivers\virtualnet.sys [?] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2013-02-16 15:17:02 -------- dc----w- c:\documents and settings\XXXXXX.laptop2\application data\Malwarebytes 2013-02-16 15:16:43 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes 2013-02-16 15:16:42 21104 -c--a-w- c:\windows\system32\drivers\mbam.sys 2013-02-16 15:16:42 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-07 13:03:51 -------- dc----w- c:\program files\Pointstone 2013-01-20 13:59:51 -------- dc----w- c:\documents and settings\all users\application data\GFI Software 2013-01-20 13:41:11 -------- dc----w- c:\windows\ERUNT . ==================== Find3M ==================== . 2013-02-09 20:50:18 74096 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-09 20:50:18 697712 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2008-01-31 20:43:34 90112 -c--a-w- c:\program files\RegCleaner.exe . ============= FINISH: 12:57:07.51 ===============
  5. Hi, I'm not a computer moron, but i have had no real luck removing the virus on this computer, and am begging for some assistance. This is my girlfriends laptop, so I have no real idea of how she got the virus, but it has been redirecting and on occasion causing pop-ups. I haven't run anything crazy like combofix, but have been using malwarebytes, the full version. I have read some of the other threads on the topic and have a basic idea of how the process works, but I have never actually posted on the forum. Any help would be greatly appreciated.
  6. Hi there, I seem to have the same Google search redirect problem as other forum members. The problem occurs in both IE and FF. MWB is up to date but does not seem to identify any threats.
  7. Please see attached logs and let me know how to remove the Google redirect infection I appear to have. My symptoms: 1. Open Google browser. 2. Enter search criteria 3. Click one of the result and go to the wrong URL. I'm running IE9 on 64-bit Win7, with SEP and current virus definitions. Thanks, Jan . DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35 Run by dennyj at 9:21:58 on 2012-10-01 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.3343 [GMT -7:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Users\dennyj\Downloads\tdsskiller.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll mWinlogon: Userinit=userinit.exe BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [skype] Rundll32.exe C:\Users\dennyj\AppData\Local\Skype\nnctjthr.dll,EditHhCtrlScript mRun: [<NO NAME>] mRun: [sAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" StartupFolder: C:\Users\dennyj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\dennyj\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{F3514AA4-8E4E-4A13-8BF4-433761846975} : DhcpNameServer = 192.168.0.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO-X64: Ask Toolbar BHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File mRun-x64: [(Default)] mRun-x64: [sAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\dennyj\AppData\Roaming\Mozilla\Firefox\Profiles\psyyadom.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=4FD21BE8-CF1B-49A0-B58D-45BE93537480&apn_ptnrs=&apn_sauid=A0857D08-F373-4475-B048-0364EDD69D1C&apn_dtid=OSJ000&&q= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll FF - plugin: C:\Program Files (x86)\eRoom 7\npeRoom7.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?] R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312] S2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-28 3246040] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-11 135664] S2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-4-18 517632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 250288] S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-14 138912] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-11 135664] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PAC7311;VGA USB Camera;C:\Windows\system32\DRIVERS\PA707UCM.SYS --> C:\Windows\system32\DRIVERS\PA707UCM.SYS [?] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] . =============== Created Last 30 ================ . 2012-09-28 07:20:11 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll 2012-09-26 12:55:01 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-09-20 23:15:32 10213296 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-09-11 22:17:12 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-09-11 22:17:12 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2012-09-11 22:17:09 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-11 22:17:09 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-11 22:17:07 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-11 22:17:07 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-09-11 22:17:06 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-09-04 14:48:20 -------- d-----w- C:\Program Files (x86)\Ask.com 2012-09-04 14:37:59 -------- d-----w- C:\ProgramData\Ask 2012-09-04 14:37:27 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll . ==================== Find3M ==================== . 2012-09-20 23:15:36 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-20 23:15:36 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-06 16:20:28 225328 ----a-w- C:\Windows\System32\drivers\wpshelper.sys 2012-09-04 14:37:17 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll . ============= FINISH: 9:23:20.36 =============== Attach.txt DDS.txt
  8. I have the google redirect virus, below are my dds and attach files I would appreciate help to remove this annoying virus Thanks in Advance, Derrick . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by djhallman at 12:51:07 on 2012-09-30 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3511 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\System32\StikyNot.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\MozyHome\mozystat.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\notepad.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\MozyHome\mozybackup.exe C:\Program Files\MozyHome\mozybackup.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\splwow64.exe -netsvcs C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\PrintIsolationHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit=userinit.exe, BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe uRun: [Google Update] "C:\Users\djhallman\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" uRun: [dshco] "C:\Windows\System32\rundll32.exe" "C:\Users\djhallman\AppData\Roaming\dshco.dll",ReadLongFromFile mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [<NO NAME>] mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\DJHALL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe StartupFolder: C:\Users\DJHALL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK - C:\Program Files (x86)\WhiteSmoke\WSTray.exe StartupFolder: C:\Users\DJHALL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\MozyHome\mozystat.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{A9E3AEC5-E6A0-4BA6-983C-FF85D6D0C181} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{A9E3AEC5-E6A0-4BA6-983C-FF85D6D0C181}\05967656F6E60264F62776560254870727563737 : DhcpNameServer = 8.8.8.8 8.8.4.4 TCP: Interfaces\{A9E3AEC5-E6A0-4BA6-983C-FF85D6D0C181}\2375942554039373 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{A9E3AEC5-E6A0-4BA6-983C-FF85D6D0C181}\2494747697D6E6163747963637 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A9E3AEC5-E6A0-4BA6-983C-FF85D6D0C181}\84F6C69646169794E6E6 : DhcpNameServer = 24.247.24.53 24.247.15.53 TCP: Interfaces\{A9E3AEC5-E6A0-4BA6-983C-FF85D6D0C181}\C696E6B6379737 : DhcpNameServer = 207.69.188.186 207.69.188.187 TCP: Interfaces\{E2B2AB62-503C-456D-9C0F-0FB95A68FD49} : DhcpNameServer = 192.168.1.254 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll BHO-X64: Norton Identity Protection - No File BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL BHO-X64: Norton Vulnerability Protection - No File BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO-X64: RoboForm BHO - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO-X64: TSBHO Class - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [(Default)] mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\djhallman\AppData\Roaming\Mozilla\Firefox\Profiles\j8r3f5io.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: network.proxy.http - 108.60.145.54 FF - prefs.js: network.proxy.http_port - 60099 FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\djhallman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\djhallman\AppData\Roaming\Mozilla\plugins\npatgpc.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-6-5 1160824] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120607.001\IDSviA64.sys [2012-6-8 488568] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-31 89600] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-5-6 263496] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-4-8 26680] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-31 13336] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-14 138272] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-31 2656280] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-8 138912] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-6 1153368] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-31 250288] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-09-30 17:25:48 20480 ----a-w- C:\Windows\svchost.exe 2012-09-12 19:46:18 -------- d-----w- C:\Program Files (x86)\UBot Studio 2012-09-12 19:22:17 -------- d-----w- C:\Program Files (x86)\Market Samurai 2012-09-07 21:42:26 1658368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll 2012-09-07 13:41:47 -------- d-----w- C:\Users\djhallman\AppData\Roaming\EurekaLog 2012-09-05 21:22:46 -------- d-----w- C:\Users\djhallman\AppData\Local\{D09D0F0A-F79F-11E1-8270-B8AC6F996F26} 2012-09-05 21:22:38 1612288 ----a-w- C:\Users\djhallman\AppData\Roaming\dshco.dll 2012-09-04 14:38:31 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{926F46A1-6AD3-4FF0-A715-150D9CDEA167}\mpengine.dll . ==================== Find3M ==================== . 2012-09-21 14:30:16 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-21 14:30:16 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-06 03:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-07-06 02:17:58 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys 2012-07-06 02:17:57 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys 2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 12:52:04.47 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/11/2011 4:50:04 PM System Uptime: 9/30/2012 12:24:04 PM (0 hours ago) . Motherboard: Hewlett-Packard | | 1658 Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 2401/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 678 GiB total, 536.299 GiB free. D: is FIXED (NTFS) - 20 GiB total, 2.161 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Officejet 7400 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Officejet 7400 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Officejet 7400 series Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Officejet 7400 series PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . ==== System Restore Points =================== . RP118: 9/20/2012 8:44:06 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . 7300_Help 7400 Adobe AIR Adobe Community Help Adobe Fireworks CS5 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop Elements 9 Adobe Premiere Elements 9 Adobe Reader X (10.1.3) MUI Adobe Shockwave Player 11.5 Agatha Christie - Peril at End House AIO_CDB_ProductContext AIO_CDB_Software AIO_Scan Avant Browser (remove only) Bejeweled 3 Bing Bar Blackhawk Striker 2 Blasterball 3 Blio Bounce Symphony BufferChm Cake Mania Chronicles of Albian Chuzzle Deluxe Cisco WebEx Meetings Copy Cradle of Rome 2 CyberLink YouCam D3DX10 Destinations DeviceDiscovery DHTML Editing Component DocProc eFax Messenger Elements 9 Organizer Elements STI Installer ESU for Microsoft Windows 7 SP1 Evernote v. 4.2.3 Farm Frenzy FATE Fax FileZilla Client 3.5.3 Free RAR Extract Frog Google Chrome Governor of Poker 2 Premium Edition GPBaseService2 Hewlett-Packard ACLM.NET v1.1.1.0 HP Customer Experience Enhancements HP Documentation HP Games HP MovieStore HP On Screen Display HP Power Manager HP Quick Launch HP Setup HP Setup Manager HP SimplePass 2011 HP Software Framework HP Support Assistant HP Update HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply IDT Audio Intel PROSet Wireless Intel® Control Center Intel® Identity Protection Technology 1.1.2.0 Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Intel® Wireless Display Java Auto Updater Java 6 Update 31 Java 7 Update 5 JavaFX 2.1.1 Jewel Quest: The Sleepless Star - Collector's Edition Junk Mail filter update Mah Jong Medley Malwarebytes Anti-Malware version 1.62.0.1300 Market Samurai MarketResearch Mass Video Blaster Mesh Runtime Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Office XP Standard Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft WSE 3.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 15.0.1 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery of Mortlake Mansion Namco All-Stars: PAC-MAN Norton Internet Security Nvu 1.0PR PdaNet for Android 3.50 Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer QuickBooks Basic Edition 2003 Rank Tracker Realtek Ethernet Controller Driver Realtek PCIE Card Reader Recovery Manager Renesas Electronics USB 3.0 Host Controller Driver RoboForm 7-8-2-5 (All Users) RoxioNow Player Scan Slingo Supreme SmartSound Quicktracks for Premiere Elements 9.0 SmartWebPrinting SolutionCenter Spybot - Search & Destroy Status StubHub Importer v1.0 TheBestSpinner Toolbox TrayApp Turbo Lister 2 UBot UBot Studio UnloadSupport Update Installer for WildTangent Games App Vacation Quest - The Hawaiian Islands Video Marketing Blaster VIP Access SDK (1.0.1.2) Virtual Villagers 5 - New Believers WebReg WhiteSmoke WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 9/30/2012 12:25:33 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 9/30/2012 12:25:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 9/30/2012 12:24:55 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed. 9/30/2012 12:24:54 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 9/30/2012 12:24:53 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. 9/30/2012 12:24:53 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 9/30/2012 12:24:51 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 9/28/2012 7:20:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPClientSvc service. 9/28/2012 6:04:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. 9/27/2012 7:09:23 AM, Error: Service Control Manager [7022] - The Intel® Management and Security Application User Notification Service service hung on starting. 9/25/2012 6:33:00 PM, Error: Service Control Manager [7031] - The MozyHome Backup Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 9/25/2012 1:34:55 PM, Error: Service Control Manager [7031] - The MozyHome Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. . ==== End Of File ===========================
  9. I have a virus that cannot be found be malwarebytes, it redirects by google searh results Can someone help me get rid of this virus Thanks in advance, Derrick
  10. Hello, I previously responded to someone else's thread, which I now know is the incorrect procedure here. I want to make sure I follow the rules, so I'm starting my own post, even though I don't wish to have a new thread and a thread "bumped" by me. I don't want to come across as someone who is disrespectfully spamming this forum, so I wanted to explictily state my purpose behind starting this thread (when I made the mistake of responding to a thread that was not mine already). Again, I'm really sorry for messing up earlier, and I'm going to be trying my hardest to follow any further instructions I receive the best I can. Anyways, like many others my computer has managed to get infected with a google search redirecting malware (which Malwarebytes hasn't been able to detect and fix). I'm not sure what other information will be helpful in assisting me, but please let me know what other information I can provide. I will post the DDS logfiles below. Thank you so much in advance, John DDS --------- . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by John Terbot at 17:14:07 on 2012-09-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8075.5660 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe C:\Windows\system32\CxAudMsg64.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\SAsrv.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\TpShocks.exe C:\Program Files\CONEXANT\ForteConfig\fmapp.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Lenovo\System Update\SUService.exe C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://lenovo.msn.com uDefault_Page_URL = hxxp://lenovo.msn.com uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" uRun: [Google Update] "C:\Users\John Terbot\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler uRun: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN25P5521Z05QB:NW" -scfn "HP Photosmart 6510 series (NET)" - AutoStart 1 mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: DisableCAD = 1 (0x1) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{3AD1CDC9-AB31-48FB-B4B4-35F73C59A9A9} : DhcpNameServer = 192.168.42.129 TCP: Interfaces\{3DD10257-90A8-4DED-BC94-5A9C23384560} : DhcpNameServer = 192.168.42.129 TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\16474777966696 : DhcpNameServer = 10.36.16.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\3424350275962756C6563737 : DhcpNameServer = 140.254.232.33 140.254.201.4 128.146.117.95 TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\4416273786 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\47572726F6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\D4F6F6B696A4F6573756D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\F43555D4340274575637470294E6475627E65647 : DhcpNameServer = 140.254.127.108 TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\F6375777962756C6563737 : DhcpNameServer = 128.146.1.7 128.146.48.7 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO-X64: IEPlugin - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\John Terbot\AppData\Roaming\Mozilla\Firefox\Profiles\n3ivstc2.default\ FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\John Terbot\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\John Terbot\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\John Terbot\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\John Terbot\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll . ============= SERVICES / DRIVERS =============== . R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?] R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?] R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?] R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-8-25 40808] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-12-29 45496] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-8-25 59240] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-12-29 93032] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-25 2009704] R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?] R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-8-25 446592] R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-25 378472] R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2010-12-29 114024] R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-12-29 64440] R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-4-13 84088] R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?] R3 BTHprint;Microsoft Bluetooth Printer Class;C:\Windows\system32\DRIVERS\bthprint.sys --> C:\Windows\system32\DRIVERS\bthprint.sys [?] R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?] R3 LenovoRd;LenovoRd;C:\Windows\system32\Drivers\LenovoRd.sys --> C:\Windows\system32\Drivers\LenovoRd.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-26 116648] S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-3 250056] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560] S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-8-25 477032] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-26 116648] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?] S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-8-25 79208] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-09-17 20:30:15 -------- d-----w- C:\022190cde2cf097be06991 2012-09-13 18:30:58 -------- d-----w- C:\Users\John Terbot\AppData\Roaming\HpUpdate 2012-09-13 18:30:55 778088 ------w- C:\Windows\System32\HPDiscoPMA511.dll 2012-09-13 18:30:29 -------- d-----w- C:\Program Files (x86)\HP 2012-09-13 18:29:30 -------- d-----w- C:\Program Files\HP 2012-09-13 18:24:05 -------- d-----w- C:\Users\John Terbot\AppData\Local\HP 2012-09-13 17:41:32 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-08-30 20:25:44 33856 ---ha-w- C:\Windows\System32\hamachi.sys 2012-08-30 20:25:42 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2012-08-30 20:25:08 -------- d-----w- C:\Users\John Terbot\AppData\Roaming\Macrovision 2012-08-29 17:30:34 -------- d-----w- C:\Users\John Terbot\AppData\Roaming\MathWorks 2012-08-29 17:18:30 -------- d-----w- C:\Program Files\MATLAB 2012-08-29 17:10:08 -------- d-----w- C:\Windows\SysWow64\E177E04D548C4006A465EEB92D3DE021 2012-08-29 17:10:06 -------- d-----w- C:\Users\John Terbot\AppData\Local\Programs 2012-08-29 17:09:56 -------- d-----w- C:\Program Files (x86)\Minitab 15 2012-08-29 17:08:59 -------- d-----w- C:\Users\John Terbot\AppData\Local\Downloaded Installations 2012-08-29 16:45:10 -------- d-----w- C:\Program Files (x86)\MATLAB 2012-08-28 23:45:50 -------- d-----w- C:\Users\John Terbot\AppData\Roaming\LolClient 2012-08-28 23:13:35 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll 2012-08-28 23:13:35 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll 2012-08-28 23:13:34 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll 2012-08-28 23:10:09 -------- d-----w- C:\Riot Games 2012-08-28 21:54:36 -------- d-----w- C:\Program Files (x86)\League of legends 2012-08-28 21:45:44 -------- d-----w- C:\Users\John Terbot\AppData\Local\PMB Files 2012-08-28 21:45:43 -------- d-----w- C:\ProgramData\PMB Files 2012-08-28 21:45:28 -------- d-----w- C:\Program Files (x86)\Pando Networks 2012-08-26 16:34:52 -------- d-s---w- C:\Users\John Terbot\Google Drive . ==================== Find3M ==================== . 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-16 18:35:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-16 18:35:37 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-22 01:12:58 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys . ============= FINISH: 17:14:55.21 =============== Attach -------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 9/8/2011 1:56:39 PM System Uptime: 9/17/2012 4:22:33 PM (1 hours ago) . Motherboard: LENOVO | | 4177CTO Processor: Intel® Core i7-2620M CPU @ 2.70GHz | CPU | 783/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 346 GiB total, 33.467 GiB free. G: is CDROM (CDFS) Q: is FIXED (NTFS) - 16 GiB total, 0.021 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8} _VID&0001000F_PID&0000\8&A7F0BC1&0&8C541DD5C973_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8} _VID&0001000F_PID&0000\8&A7F0BC1&0&8C541DD5C973_C00000000 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC} _VID&0001000F_PID&0000\8&A7F0BC1&0&8C541DD5C973_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC} _VID&0001000F_PID&0000\8&A7F0BC1&0&8C541DD5C973_C00000000 Service: . ==== System Restore Points =================== . RP151: 9/15/2012 4:11:08 AM - Scheduled Checkpoint RP152: 9/17/2012 4:31:31 PM - Removed iTunes . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) µTorrent Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.4.0 Alarm Apple Application Support Apple Software Update Aquaria Audacity 1.3.13 (Unicode) Audiosurf Bing Bar BioShock Borderlands Burn.Now 4.5 Character Builder Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Corel Burn.Now Lenovo Edition Corel DVD MovieFactory 7 Corel DVD MovieFactory Lenovo Edition Corel WinDVD Create Recovery Media D3DX10 Direct DiscRecorder DivX Web Player Dota 2 eLicenser Control Fallout 3 - Game of the Year Edition Goodnight Timer 1.1 Google Chrome Google Drive Google Talk Plugin Google Update Helper HP Photosmart 6510 series Help HP Update Inside a Star-filled Sky Integrated Camera Driver Installer Package Ver.1.1.0.1147 Integrated Camera TWAIN Intel® Control Center Intel® Identity Protection Technology 1.1.2.0 Intel® Processor Graphics Java Auto Updater Java 6 Update 31 JMP 9 JMPProfilerCoreSetup JMPProfilerGUISetup Junk Mail filter update Jurassic Park Operation Genesis Keyboard Synthesizer League of Legends Lenovo Registration Lenovo User Guide Lenovo Warranty Information Lenovo Welcome LogMeIn Hamachi Malwarebytes Anti-Malware version 1.65.0.1400 Mesh Runtime Message Center Plus Microsoft Games for Windows - LIVE Redistributable Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Pandora's Box Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft XNA Framework Redistributable 4.0 Minitab 15 English Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA PhysX NVIDIA Stereoscopic 3D Driver Pando Media Booster Pharos Portal Portal 2 RapidBoot RICOH_Media_Driver_v2.14.18.01 Roller Coaster Factory 3 S.T.A.L.K.E.R.: Shadow of Chernobyl Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Sequence Skype™ 5.8 Songbird 1.10.1 (Build 2160) Star Wars: Knights of the Old Republic Steam Systat 13 Manuals System Update Team Fortress 2 Terraria The Wonderful End of the World ThinkPad Power Manager ThinkPad UltraNav Utility ThinkPad Wireless LAN Adapter Software Train Simulator 2012 TrueCrypt Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VC80CRTRedist - 8.0.50727.762 VIPAccess VLC media player 2.0.3 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR archiver Zotero Standalone 3.0b3.2 (x86 en-US) . ==== Event Viewer Messages From Past Week ======== . 9/17/2012 4:25:18 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 9/17/2012 4:25:10 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 9/17/2012 4:23:30 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 9/17/2012 4:23:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 9/17/2012 4:23:04 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 9/17/2012 3:26:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Hamachi2Svc service. 9/12/2012 11:46:46 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). 9/11/2012 9:07:51 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File ===========================
  11. I was searching on Google yesterday when I started experience the Google Redirect Virus, I was able to pinpoint that it was Google when I went directly to the links that I wanted to go to in my URL bar instead of clicking on the link from Google. Shortly after that I had a pop-up for My Secruity Shield and my Internet Explorer displayed that the webpage (Google) was under a virus attack. I had never experienced either of these virus so I just clicked the X on the My Secruity Shield pop-up, intending to do a scan afterwards. Big mistake. My Secruity Shield infected my computer and made Windows Secruity Essentials unusable with Error code: 0x80070424. (Which as you probably know is the code for hijackware.) I hard-reset the computer and upon reboot My Secruity Shield was still active. I hard-reset again and this time I logged onto my other user. The other user appeared unaffected by My Security Shield except that Windows Secruity Essentials was still down. I then did some searching on the problem and followed the instructions at http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield I did not do Step 20 as I had to get up for work in 6 hours and didn't have the time to sit up doing another download and then a scan. Also, I am still running RKill every time when I log onto my user that I was infected on. Now My Secruity Shield seems to be gone and Malwarebytes is detecting (and blocking) malcious websites. The following is a list of the websites detected so far. All of them are in IP format. 78.41.203.125 206.161.121.3 64.34.127.185 195.80.148.5 There was also a 77.something that I was unable to screen cap in time. I followed the instructions on the matter which were given by user BornSlippy at http://forums.malwarebytes.org/index.php?showtopic=111851 who directed towards http://forums.malwarebytes.org/index.php?showtopic=9573 I followed the directions and ran DDS, now I am posting my logs as instructed by Admin AdvancedSetup. (I also read somewhere not to attach the files because if any real-time interaction happened between my computer and any of yours, it would be possible that my computer would infect any computers that interacted with mine. Below this point are the pasted logs. LOGS TO BE POSTED AS NOTEPAD WON'T OPEN UNTIL I REBOOT.
  12. i've tried running malwarebytes but am still having the same problem. here are my logs from dds. Thanks! dds.txt attach.txt
  13. I have the full version of Malwarebytes, but I sometimes get redirected when clicking links in google. Is this just a feature of google that is supposed to happen, or do I have a virus that Malwarebytes doesn't cover?
  14. I am getting a recurring malware that re-directs search engine results to rogue sites. After running MalwareBytes scan, my system is clean but then the first use of the Search Engine brings it back. Attached are dds.txt and atach.txt. dds.txt attach.txt
  15. Hello! Never tried the forum bit but here goes, I've read several posts of users having similar issues to what I'm seeing with my machine, as all of them were delighted with the results I'm highly inclined to seek your assistance. It seems whenever I plug my computer into its internet connection the CPU usage goes full on, upon opening the WTM to find the culprit I see that PING.EXE begins with a nominal percentage before (in seconds) exponentially rocketing up to 100% causing the machine to freeze absolutely. However, no sooner than the cable has been disconnected, all returns to a stable operating state. Manually stopping ping.exe and the searchindexer.exe tree works temporarily but they soon revitalize and the issue resumes, svchost.exe also has a high CPU and memory usage but I've not tried stopping any of those. The few times I ventured online google.com would not work, where other sites would. I thought myself a fairly proficient a user when it comes to macro software processes but am bewildered by the Windows components and really don't want to deadline my machine. I defer to the knowledge and experience of this forums admins, moderators, experts, and trusted advisors, Please Help! Thankyou Attach.txt DDS.txt
  16. My computer has been constantly redirecting my google searches for the past month or so, and additionally, recently a "TCP/IP Ping Command" has popped up in my volume mixer, playing sounds of different commercials. This has been worrying me greatly, and I would greatly appreciate assistance with these, primarily the Ping.exe virus. It will not let me delete Ping.exe due to the TrustedInstaller having full rights over it. I have copy-pasted my DDS.txt here. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31 Run by Chris at 18:13:45 on 2012-06-21 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.4771 [GMT -5:00] . AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Users\Chris\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Users\Chris\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Users\Chris\AppData\Roaming\Spotify\spotify.exe C:\Users\Chris\Local Settings\Apps\F.lux\flux.exe C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Logitech\Vid HD\Vid.exe C:\Program Files (x86)\LOLReplay\LOLRecorder.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files (x86)\MagicDisc\MagicDisc.exe C:\Program Files (x86)\Smartp1ck\Smartp1ck.exe C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Razer\BlackWidow\BlackWidowTray.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe C:\Windows\system32\wbengine.exe C:\Windows\System32\vds.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://lf.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=5000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110730&user_guid=13C2E5EE9B5D45D8B3F74B75AB7226BF&machine_id=348521e6b323e04df9806cdd37276a89&browser=IE&os=win&os_version=6.1-x64-SP0 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll mURLSearchHooks: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll mWinlogon: Userinit=userinit.exe, BHO: Splashtop Connect VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: RebateRobot BHO: {fa3fedf6-1a34-4076-9f25-a26a2de6a401} - C:\Program Files\RebateRobot\RebateRobot.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll TB: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll" TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [googletalk] C:\Users\Chris\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [AdobeBridge] uRun: [lime pro] "C:\Program Files (x86)\Lime PRO\LimePro.exe" -h uRun: [Octoshape Streaming Services] "C:\Users\Chris\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" uRun: [spotify] "C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [F.lux] "C:\Users\Chris\Local Settings\Apps\F.lux\flux.exe" /noshow uRun: [spotify Web Helper] "C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode mRun: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10 mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTP~1.LNK - C:\Program Files (x86)\Smartp1ck\Smartp1ck.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: Interfaces\{2C222A49-E29D-47BE-8BD1-D6426B1ED9EC} : NameServer = 75.75.76.76,75.75.75.75 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: WBSrv - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbsrv.dll AppInit_DLLs: wbsys.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 BHO-X64: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll BHO-X64: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll BHO-X64: Harmony Hollow Software - No File BHO-X64: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll BHO-X64: StartNow Toolbar Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll BHO-X64: Fantapper - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll BHO-X64: Vuze Remote - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO-X64: WeCareReminder - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: RebateRobot BHO: {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll BHO-X64: RebateRobot - No File BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll TB-X64: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll" TB-X64: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll mRun-x64: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" mRun-x64: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10 mRun-x64: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun-x64: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h mRun-x64: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe AppInit_DLLs-X64: wbsys.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oi4y2sxl.default\ FF - prefs.js: browser.search.selectedEngine - My Web Search FF - prefs.js: browser.startup.homepage - chrome://fvd.speeddial/content/fvd_about_blank.html FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=F217A19E-2964-40BF-BB31-BEC39213C22B&n=77eda012&ind=2012061714&p2=^CD^xdm002^S01785^us&si=CPjfvtHd1bACFUJo4AodnV9Ezw&searchfor= FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npoctoshape.dll . ---- FIREFOX POLICIES ---- . FF - user.js: extentions.y2layers.installId - fa38ec04-a300-4a1a-9ef5-51911586c87a FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube . FF - user.js: extensions.autoDisableScopes - 14 . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?] R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001\BHDrvx64.sys [2011-9-29 1152632] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111006.030\IDSviA64.sys [2011-10-7 488568] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816] R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [2011-12-12 11776] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-16 654408] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-5-6 793048] R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-7-9 109168] R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?] R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000] R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-7-9 114688] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-22 2666880] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-9 2655768] R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-5-20 210144] R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-23 493384] R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408] R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-7 136824] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe --> C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [?] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-27 136176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-19 257224] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-4-4 1030600] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-27 136176] S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-7-9 30528] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?] S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . .scr=DWGTrueViewScriptFile . =============== Created Last 30 ================ . 2012-06-21 22:56:15 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 22:55:43 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 22:55:19 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 22:55:19 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-21 22:17:01 -------- d-----w- C:\ProgramData\Kaspersky Lab 2012-06-21 04:34:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\Braid 2012-06-21 04:34:08 -------- d-----w- C:\Program Files (x86)\Braid 2012-06-20 21:12:43 -------- d-----w- C:\ProgramData\AVAST Software 2012-06-20 21:12:43 -------- d-----w- C:\Program Files\AVAST Software 2012-06-20 20:47:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com 2012-06-20 20:47:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-06-20 20:47:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-06-20 20:27:21 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 20:08:35 -------- d-----w- C:\ProgramData\McAfee Security Scan 2012-06-20 20:08:32 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan 2012-06-20 16:49:06 -------- d-----w- C:\Users\Chris\AppData\Local\Macromedia 2012-06-17 16:51:12 -------- d-----w- C:\Program Files (x86)\CouponAlert_2p 2012-06-16 03:00:40 695296 ----a-w- C:\Users\Chris\MinecraftSP.exe 2012-06-16 03:00:40 43795464 ----a-w- C:\Users\Chris\Minecraft 1.2.0_02 Installer (Cracked).exe 2012-06-13 22:47:05 -------- d-----w- C:\Program Files (x86)\osu! 2012-06-13 22:46:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\Downloaded Installations 2012-06-13 07:40:48 -------- d-----w- C:\Users\Chris\Sumotori Dreams 2012-06-13 07:40:47 -------- d-----w- C:\Users\Chris\Sumoeditor 2012-06-13 07:35:47 -------- d-----w- C:\Program Files (x86)\gravitysensation.com 2012-06-13 01:07:53 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-11 21:20:14 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys 2012-06-11 21:20:14 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtsp64.sys 2012-06-11 21:20:14 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys 2012-06-11 21:20:14 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtspx64.sys 2012-06-11 21:20:14 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys 2012-06-11 21:20:14 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys 2012-06-11 21:20:08 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207020.003 2012-06-08 03:42:41 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2012-06-07 00:20:21 53248 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-06-07 00:05:22 -------- d-----w- C:\Users\Chris\AppData\Local\Logitech® Webcam Software 2012-06-07 00:03:24 -------- d-----w- C:\Users\Chris\AppData\Local\LogiShrd 2012-06-07 00:00:11 -------- d-----w- C:\Program Files (x86)\Common Files\LWS 2012-06-05 23:57:14 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2012-06-05 23:57:14 -------- d-----w- C:\Program Files (x86)\Diablo III 2012-06-05 23:57:14 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-06-05 23:56:33 -------- d-----w- C:\ProgramData\Battle.net 2012-06-05 21:39:55 -------- d-----w- C:\Users\Chris\Tekkit Server 2012-06-05 21:30:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\.techniclauncher 2012-06-04 00:37:42 -------- d-----w- C:\Users\Chris\Minecraft Server 2012-06-03 02:41:23 -------- d-----w- C:\Riot Games 2012-06-03 01:06:32 -------- d-----we C:\Windows\system64 2012-06-03 00:18:05 518144 ----a-w- C:\Windows\SWREG.exe 2012-05-26 01:42:14 -------- d-----w- C:\Program Files (x86)\Smartp1ck . ==================== Find3M ==================== . 2012-06-21 23:00:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-21 23:00:41 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-21 22:50:12 25640 ----a-w- C:\Windows\gdrv.sys 2012-06-17 21:09:43 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-06-17 21:09:43 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-06-17 21:09:28 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-05-24 21:38:50 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd 2012-05-20 05:20:03 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-12 04:23:38 30528 ----a-w- C:\Windows\GVTDrv64.sys 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 12:48:02 71680 ----a-w- C:\Windows\System32\frapsv64.dll 2012-04-26 12:48:00 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-15 04:24:40 466456 ----a-w- C:\Windows\System32\wrap_oal.dll 2012-04-15 04:24:40 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2012-04-15 04:24:40 122904 ----a-w- C:\Windows\System32\OpenAL32.dll 2012-04-15 04:24:40 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-07-29 21:59:55 2047876859 ----a-w- C:\Program Files (x86)\DragonNestSetupV05.exe . ============= FINISH: 18:14:18.08 ===============
  17. Merged post I have some sort of virus or malware that redirects my browsers everytime I try to use Google. I have looked it up and read a bunch of different articles about it but I can't find any solid information about how to fix it. I have ran this program and norton and neither of them found anything wrong. Please help me, and bare with me because I'm not advanced with computers and didn't understand most of the advice I read. Does anyone have any ideas that would help?
  18. Hello, I've been having this problem, where I am not able to go to www.google.com using Chrome. It goes to "www.google.com/search.php" and displays the following message on the page: "Google 404. That’s an error. The requested URL /search.php was not found on this server. That’s all we know." The tab says " Error 404 (Not Found)!!1 ". When you load Chrome (Google is my home page), it very briefly gives a heading on the tab saying "Welcome to mydomainadvisor.com" before it goes to the "" Error 404 (Not Found)!!1 " message. Weird thing is that I am able to access google.com from Mozilla and Internet explorer. Also, Google searches work fine from the address bar on Chrome. I haven't noticed this with other websites like yahoo.com, bing.com, cnn.com etc. I have read quite a few posts on this issue on this forum and others, to know that this is likely a real issue, and I'm afraid it could get worse/ my passwords and other data could get stolen... now the only problem is I don't know how to get rid of this I have tried to scan using Malwarebytes Anti-Malware, Spybot, and Adaware (before I unistalled it recently). I have also scanned the whole system using Symantec. I am attaching the most recent Malwarebytes and HiJackThis logs in advance, to speed up the process. I would appreaciate your help in guiding me through this process!... Many thanks in advance! SP *************** Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.17.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Saurabh :: SAURABHP [administrator] 2/17/2012 11:36:12 AM mbam-log-2012-02-17 (11-36-12).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 219905 Time elapsed: 17 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ************* Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:31:04 AM, on 2/17/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Windows\System32\TpShocks.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Lenovo\Client Security Solution\password_manager.exe C:\Program Files\Memeo\AutoBackup\InstantBackup.exe C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Memeo\Memeo Send\MemeoSend.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE C:\Users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Users\Saurabh\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP \Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870 -4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft \Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C: \Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files \Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype \Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C: \Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar \Platform\6.3.2322.0\npwinext.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP \Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100- df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS \PIconStartup.exe" O4 - HKLM\..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software \launcher.exe" /startup O4 - HKLM\..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader \Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe -- silent --no_ui O4 - HKLM\..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe --silent O4 - HKLM\..\Run: [seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard \MemeoLauncher.exe --silent --no_ui O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support \AppleSyncNotifier.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support \APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update \jusched.exe" O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync \IntuitSyncManager.exe startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKCU\..\Run: [Google Update] "C:\Users\Saurabh\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr \acrotray.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin \hpqtra08.exe O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect \IntuitDataProtect.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit \QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows \system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C: \PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad \Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad \Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B- C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer \WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer \WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C: \Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C: \PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA- C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software \btsendto_ie.htm O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo \Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files \PlotSoft\PDFill\DownloadPDF.exe O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live \wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live \wlidnsp.dll O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files\Intuit \QuickBooks 2012\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files \Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live \Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad \Bluetooth Software\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files \Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad \Utilities\DOZESVC.EXE O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files \Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr \iviRegMgr.exe O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files \LENOVO\HOTKEY\CAMMUTE.exe O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files \LENOVO\HOTKEY\MICMUTE.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB\R2006a \webserver\bin\win32\matlabserver.exe O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup \MemeoBackgroundService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows \system32\nvvsvc.exe O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities \PWMDBSVC.EXE O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks \QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files \Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit \DataProtect\QBIDPService.exe O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C: \Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files \Seagate\Seagate Dashboard\SeagateDashboardService.exe O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files \Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C: \Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer \Version5\TeamViewer_Service.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer \Version6\TeamViewer_Service.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files \Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows \System32\TPHDEXLG.exe O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO \HOTKEY\TPHKSVC.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost \TurboBoost.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- End of file - 18553 bytes
  19. Hi Forum, I hate to re-post but it looks like I might have fallen through the cracks. I am still dealing with the issues listed in my previous post from two weeks ago. http://forums.malwarebytes.org/index.php?showtopic=103716&hl=&fromsearch=1 In short, I have a browser hijack / google redirect malware issue, Malwarebytes is notifying me of blocking outgoing contact to malicious websites, and while this is occuring I have high memory usage and a very slow system. Running Malwarebytes (even in safe mode) does not slove these issues. After reading around the forum I am wondering if I migh have rootkit issue - I am at a loss on how to proceed but I don't want to start tinkering until I get some info from an expericed adivisor. I really appreciate any help someone can provide! ---------------------------------------------- Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.02.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.11 1/2/2012 8:54:59 PM mbam-log-2012-01-02 (20-54-59).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 204701 Time elapsed: 32 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ---------------------------------------------- . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_30 Run at 12:21:01 on 2012-01-03 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.320 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\WINDOWS\SM1BG.EXE C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\E-Book Systems\FlipViewer\FlipViewerLibrary.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Palm\hotsync.exe C:\Program Files\NETGEAR\WG111v2\WG111v2.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\ping.exe C:\WINDOWS\system32\msiexec.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE uDefault_Page_URL = hxxp://www.dell4me.com/myway uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\progra~1\e-book~1\flipvi~1\fvbho140.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111223233619.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\ypager.exe" -quiet uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe mRun: [YBrowser] c:\program files\yahoo!\browser\ybrwicon.exe mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe" mRun: [sM1BG] c:\windows\SM1BG.EXE mRun: [sSBkgdUpdate] c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe -Embedding -boot mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [FlipViewer Library] "c:\program files\e-book systems\flipviewer\FlipViewerLibrary.exe" /showmode=hide mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\hotsync.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll LSP: mswsock.dll Trusted Zone: musicmatch.com\online DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbc/TrueInstallSBC.exe Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\alison satake\application data\mozilla\firefox\profiles\ls0pk803.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll FF - plugin: c:\documents and settings\alison satake\application data\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPOpf.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-14 464176] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-14 89792] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-30 652872] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-11 94880] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904] R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-14 166288] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-14 160608] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-14 150856] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-14 57600] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-30 20464] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-3 40776] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-14 180816] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-14 338176] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-14 83856] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-12-1 27632] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-12-1 13224] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176] S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [2006-3-7 31744] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-14 59456] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-14 83856] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-14 87656] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-6-17 272128] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-12-1 86824] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-12-1 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-12-1 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-12-1 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-12-1 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-12-1 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-12-1 109864] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-5-23 152064] S3 USA19H;USA19H;c:\windows\system32\drivers\usa19h2k.sys [2005-11-17 727908] S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\usa19h2kp.sys [2005-11-17 44928] . =============== Created Last 30 ================ . 2012-01-03 16:54:03 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys . ==================== Find3M ==================== . 2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-12 20:23:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll 2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-10-31 23:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-15 18:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-10-15 18:16:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-10-15 18:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-10-15 18:16:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-10-15 18:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-10-15 18:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-10-15 18:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 18:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-10-15 18:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-10-15 18:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-14 22:38:00 456192 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2003-08-27 22:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll . ============= FINISH: 12:29:15.29 ===============
  20. Although MBAM does detect the files associated with the Trojan.Qhost.Gen and .BG (dplaysvr.exe & dplayx.dll), it does not appear to detect or warn that the hosts file has been changed. I'm not positive, but apparently it was changed by these Trojans. In my case , the host file redirected the browser to a site in Romania ? when either www.google.com or www.bing.com was browsed. Is it possible to warn users when the host file has lines in it without the # character ? Thanks, mandacat
  21. I have a google redirect problem: Mydomainadvisor DDS: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.11 Run by User at 2:18:31 on 2012-01-12 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3325.1982 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\Ati2evxx.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\acs.exe svchost.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe svchost.exe C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe uRun: [steam] "c:\program files\steam\Steam.exe" -silent uRun: [Facebook Update] "c:\documents and settings\user\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [bCU] "c:\program files\devicevm\browser configuration utility\BCU.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{41AA0B29-36CE-43F4-8FA1-5E5C07DAB864} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-8 64512] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2011-8-5 219360] R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2011-8-5 68136] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-3 652872] R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-6-24 61440] R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-19 869216] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720] R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2011-10-24 61096] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-3 20464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-8-5 1684736] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2009-5-5 632576] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-01-11 23:10:26 -------- d-----w- c:\program files\Ventrilo 2012-01-11 23:10:05 -------- d-----w- c:\program files\common files\Wise Installation Wizard 2011-12-25 03:20:03 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2011-12-25 03:18:14 -------- d-----w- c:\documents and settings\user\application data\Jason Robitaille 2011-12-25 03:17:36 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll 2011-12-25 03:17:36 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2011-12-25 03:17:34 -------- d-----w- c:\program files\Palm, Inc 2011-12-25 03:16:45 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-12-25 03:16:45 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-12-20 01:42:11 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search . ==================== Find3M ==================== . 2012-01-10 20:14:08 17488 ----a-w- c:\windows\gdrv.sys 2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-08 20:41:55 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-11-08 20:41:55 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-11-03 17:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-10-25 01:18:26 61096 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys . ============= FINISH: 2:19:02.83 =============== attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.