Showing results for tags 'Kaspersky'.

Found 24 results

  1. After installing version 4.0 of Kaspersky Premium, an error message from Kaspersky appeared asking to uninstall Malwarebytes to avoid conflict problems. Any suggestions? Thank You, John T.
  2. Hi, I have problems with compatibility between Malwarebytes 4 version and the new Kaspersky 2020 version. The problems are most all of bugs, crashes and freezing softwares. Internet browser and others. I made a Malwarebytes Support Tool and FRST scan, and attached here the results. Have nice Day. mbst-grab-results.zip
  3. Hi I've used Malwarebytes for years now with AVG and Avast without problem. But I've just got a new system and wanted a new antivirus with a better interface. So I picked Kaspersky 2020 and it's great. Far less spam messages than other free version antivirus programs. But Kaspersky isn't great at picking up Malware so I wanted to install Malwarebytes again. Sadly after three attempts and after two complete Windows reinstalls it seems Malwarebytes is the culprit in my system failures. Every time I install Malwarebytes the start menu refuses to open, Windows settings hangs and the search bar becomes unstable. I lose my Internet connection and get multiple other problems. This only happens after installing Malwarebytes. I've tried a system restore which fails and then I have to apply a complete backup image to get it working again. I was under the impression Malwarebytes would work alongside Kaspersky. Is there a known issue in running these two together?
  4. Are there any known issues with a dual install? I just reinstalled and Kaspersky warned me. I installed MW 1st. (obvious...)
  5. I have always used Malwarebytes and Kaspersky Internet Security together without any problems. However, recently Kaspersky attempted to update itself to KIS 2019 and told me it couldn't update due to incompatible software on my system. Upon manually installing KIS 2019, it found that Malwarebytes was the software that was considered "incompatible" with the update, and the only way to update KIS was to uninstall Malwarebytes. Kaspersky is my main anti-virus/internet security that I use, so I decided to go ahead and uninstall Malwarebytes in that case. What I was now wondering is if Malwarebytes (possibly version 3, because I wasn't sure if I had Malwarebytes updated lately because I have it set to manual update) has added a patch or an update that would make it compatible with KIS 2019 so that I could possibly reinstall it?
  6. Good night dear. For some time I have been experiencing compatibility issues between Kaspersky Internet Security and MBAM Premium. Every time KIS does the rootkit check, it disables real-time web protection and I have to close and restart MBAM to get back to normal. Today, when I checked the KIS reports (attached image), I noticed that it has been blocking some Task Manager and MBAM tasks (for example, reading memory from other processes, duplicating the internal processors, executing code injection). Is there a problem with my computer? Sorry for English, but I did a direct translation from Portuguese.
  7. I am using Kaspersky Internet Security 2017. I want to buy Malwarebytes Premium for Home. Will I be able to use both of these without any problem? Thank you.
  8. Hi! I recently updated Windows 10 again which contained quite much. The problem I'm having now is that I get the warning pop-up: The problem is, that I have KAV as AV but using MBAM as my scanning software which I use once per month (nothing is activated on MBAM until I do the scan) So is it problem to remove this pop-up that keeps warning me? Looks like this: Thanks in advance!
  9. Hello everyone ! I'd be glad to have some help as I cannot get rid of a trojan on my mother in law's computer... Malwarebytes and Kaspersky are unable to clean it as well. After many scans, many attempts to clean it, many reboots, it still remains... The trojan is called Trojan.Multi.GenAutorunBITS.a and is in the computer's memory. I did not find a lot of infos about it on the web, just a few (false ?) blogs or tech pages that claim that a "SpyHunter" app is supposed to get rid of it easily (is that even true ?) and of course it costs quite a lot. I also found this thread in Malwarebytes' forums and started to follow the first steps : scan & clean with ESET online but the virus is still there. I could reinstall the whole PC with a clean image with TrueImage but if I can do something about it, let's try ! Thanks a lot.
  10. Hi, I hope you can help with my stupidity!! I'm normally pretty savvy about checking updates before trusting their source but I'm afraid a moment's inattention is causing me some grief....... I clicked on and installed an 'update' for Firefox last night which turned out to come from 'heezetoutembal.org'. (Yep - I know I can hear everyone tut tutting.........) Having realised my mistake I tried to run Malwarebytes (which I have been using for some time now) but it would not open up. I then ran a full scan with my Kaspersky Internet Security which identified the 'Trojan.Multi.GenAutorunreg.a' in the system memory. After a quick check on the forum I uninstalled the Malwarebytes using mb-clean-3.1.0.1027.exe, then re-installed Malwarebytes. I've attached the Export Summary (13.9.17 08.45). I then quarantined the 2 items and re-ran Malwarebytes. The 2nd Export Summary (13.9.17 16.40) is also attached. When I run a full scan using Kaspersky it still shows the 'Trojan.Multi.GenAutorunreg.a' as being present. Am I missing something? I hope that you can help. Thanks Export Summary 13.9.17 08.45.txt Export Summary 13.9.17 16.40.txt
  11. Hello all, Recently I was being monitored in my PC and some e-mail accounts were hacked. Then I did a hard reset on all my devices and start to take care regarding security on internet. Now I am using Malwarebytes Premium and Kaspersky Full Protection together in my PC since two weeks ago. Yesterday when I start my PC, the Malwarebytes sent me a message that I am not full protected, due to web protection is not activated. I am trying to activate this function on Malwarebytes but is not possible, it is showing a message: "activing" but it never starts to really activate. I do not know if it has a correlation, but the same day, my Kaspersky show me on blocked modules items "qt5winextras.dll". This file is located on Malwarebytes folder. Additional information: I have installed JRT and executed it some times. Asks: 1 - What is "qt5winextras.dll" on Malwarebytes folder? Is it really trusted file? 2 - How can I make sure that I am not being monitored or hacking again? 3 - How can I discover if in my PC has a keylogger collecting my data?
  12. I have gone back to version 2 because version 3 doesn't play nice with Kaspersky Internet Security 2017. System hangs on start up. If I set MB3 to not start automatically I can get the system to boot and after Kaspersky gets up and running I can start MB3 and all *seems* to be working. I have noticed that when I am fiddling with MB3 settings it will occasionally hang the system like it does on startup. Sometimes you can wait it out if you don't do anything for 10 or 15 minutes. I don't have any screen shots. The system just hangs. No crashes or BSODs just hanging. MS Windows 7 Home Premium version 6.17601 Service Pack 1 Build 7601 64bit, i7-3770K, MB3.05, Kis 17.0.0.611 (c) To reproduce the issue install MB3 then reboot. System will hang on startup. It happens every time. I don't have any log files because I uninstalled MB3 and put on MB2. The folder they are supposed to be in is gone.
  13. Hello MWBers, I’ve run MWB & Avira for some time without any conflicts but I’m thinking of ditching Avira in favor of Kaspersky. As far as I can tell, older posts are split almost evenly between those saying MWB & Kaspersky don’t conflict at all and those warning that the only way to have both without major problems is to set up exclusions in one or both and/or to disable real-time scanning in one of the programs. Can anyone advise (warn, or reassure) me on the likelihood of conflicts based on more recent experience? FWIW, I would be running MWB paid version 2.2.1.1043 and Kaspersky Internet Security using Windows 7, 64-bit. Thanks, Marc
  14. Kaspersky has been detecting the following as a malicious program: PDM:Exploit.Win32.Generic Is this something that is being caused by Malwarebytes?
  15. We use Kaseya with the Malwarebytes module (referred to as Kaseya Anti Malware or KAM) along with the Kaspersky module (referred to as Kaseya Anti virus or KAV) and adwcleaner. I recently had an infected machine that already had KAM deployed to it from Kaseya. My regular procedure is to run KAM and if anything is detected I also run a scan with KAV and adwcleaner. However this time I ran KAM and it detected nothing. I knew that there was a problem with this machine so I also ran adwcleaner which found 50+ registry entries, scheduled tasks, browser plugins etc. I'm wondering if someone can explain why KAM was unable to detect these items. Is this because KAM isn't able to detect these type of infections, or because it is unable to detect them? I am concerned because we use KAM as our 'first responder' for this type of situation and this is a pretty massive failure seeing as how some of this stuff is really common. ie pastaquotes, trivoli, secure fast pc. Here are the technical details. The machine in question froze and is offline. It will not be accessible until Monday but I do have partial screenshots of what adwcleaner detected. I have attached those to this post and will update with the full logs when I can.
      adwcleaner v5.024
      -----------------------
      MalwareBytes Anti-Malware Version: 1.75.0.1300
      Management Version: 7.0.0.3
      Database Version: 2015120904
      Database Date: 15:56:06 PM 09-Dec-15
      -----------------------
      Kaspersky Antivirus Version: 10.2.1.23
      Management Version: 7.0.0.15
      -----------------------
      Scan log:
      Malwarebytes Anti-Malware (Kaseya) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2015.12.09.04
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.18124
      Protection: Enabled
      12/9/2015 11:25:27 AM
      mbam-log-2015-12-09 (11-25-27).txt
      Scan type: Full scan (C:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 456041
      Time elapsed: 1 hour(s), 4 minute(s), 46 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
      (end)
  16. Over the last few days, I've had 3 different clients with the same problem. All 3 of them are using Kaspersky Internet Security along with Malwarebytes Premium (with Realtime Protection enabled). Shortly after bootup, the computer will become unresponsive (i.e.: nothing is "clickable"). It does not seem to be accompanied by abnormally high CPU usage, according to Task Manager. If I disable either Kaspersky Internet Security OR Malwarebytes Premium, the problem does not occur. I've tried the following, with no luck: * Adding "mutual exclusions" for both programs. * Disabling several of the KIS protection modules (Firewall, Application Control, etc.). Some additional info: * This problem only occurs with Kaspersky Internet Security, NOT Kaspersky Anti Virus. * This problem occurs with both Kaspersky Internet Security 2015 and 2016. * All 3 clients have been using KIS + MBAM for several years with no problem, so it must have something to do with a recent update. Any help or advice is much appreciated.
  17. Kaspersky Antivirus 2016 or Bitdefender antivirus plus 2016? So I've seen sooooo many reviews on how bitdefender is better but there are like none 2016 version reviews that show me what av is actually better. I don't really care about the features like game-mode, i just want the best protection. Could anyone please help me I want to run this along malwarebytes anti-malware premium. Oh and If I would have Kaspersky/Bitdefender's real-time-protection would I still need malwarebytes real-time-protection? Thanks!
  18. Hi, I'm new to the Forum. I have tried researching the topic online and contacting MBAM support directly. Neither has helped so far. I think that is, in part, due to the fact that I want to understand what is going on before jumping on a removal process. From MBAM's own website: "The 'PUM' (Potentially Unwanted Modification) detections are not false positives or actual infections but rather settings which you may have made and in some cases, malware also makes. So we scan those sections of the registry for changes which differ from default settings. If you made the modification, you can add them to ignore after your next scan or allow them to be set to Microsoft default settings by our software." But how do I really know if the detected PUM is something I should keep or remove? I've attached an image of what the screen looks like when MBAM finishes its scan. I'll also include the log information in an attachment and in the body below. In the days leading up to this problem, I did make some changes. Kaspersky Internet Security (KIS) wasn't updating, a problem I have experienced before. After troubleshooting the matter, I had to do an uninstall/reinstall. Unlike previous uninstall/reinstall instructions, this time I was not told to use the Kavremover tool. I also took steps to update the NVIDIA driver and downloaded a new program called DrawPlus by Serif. So, I have been wondering if one of the actions I took did change something on the StartMenu; but I am not experienced enough to figure it out. Googling only took me so far and there's a lot to process. During the uninstall/reinstall of KIS, I did have to turn off the firewall too. So, maybe it isn't an action I took but an actual piece of malware that got in during that time? But the question remains: How do I know the difference? I don't want to prematurely remove the PUM only to cause other problems down the line in the registry. 
I am happy to provide the logs and screen shots needed to help you help me figure this out. Just know that I'll need you to tell me how to get you the logs . The log I can give you now is the most recent. I tried the NVIDIA Rollback tool to see if that made a difference. The only difference I noted was that the information in the brackets following the PUM location changed. Again, I don't know what that even means. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/25/2015 Scan Time: 5:10 PM Logfile: 25 August 2015 - FORUM.txt Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.08.25.07 Rootkit Database: v2015.08.16.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Owner Scan Type: Threat Scan Result: Completed Objects Scanned: 423279 Time Elapsed: 19 min, 27 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 1 PUM.Hijack.StartMenu, HKU\S-1-5-21-683834285-2108896767-324524410-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),,[d8330706acdffe3830e05ef9da2b45bb] Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Okay, I think that's it. I very much look forward to your replies. Your help and input is most welcome and appreciated. Image MBAM Results.docx 25 August 2015 - FORUM.txt
  19. Hi, Today I opened up MBAM for the first time in a while (bad, I know), and I updated the databases, I got a quick notification from my older version of Kaspersky recognizing the MBAM databases as Trojan viruses, I don't know if somehow my MBAM was infected, or if that's possible, and what I should do to fix this. Keep in mind, my Kaspersky is a bit older, but I don't want that to be used as the only explanation for this problem.
  20. Kaspersky runs erratically or stops running in the middle of session. I am locked out of my administrator settings. Windows Updater keeps changing settings to "notify me" then locks me out of changing it saying I need administrator privileges when I -am- the administrator. I think malware or a virus or some kind of trojan may be involved but am unsure. Here are my stats.
==================== Find3M ==================== . 2013-06-18 23:15:28 54368 ----a-w- C:\Windows\System32\drivers\kltdi.sys 2013-06-09 11:08:29 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-09 06:37:29 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys 2013-06-09 06:37:28 29528 ----a-w- C:\Windows\System32\drivers\klmouflt.sys 2013-06-09 06:37:28 29016 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 
----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll . ============= FINISH: 20:10:32.17 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/9/2013 12:43:51 AM System Uptime: 6/20/2013 5:39:18 PM (3 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | H61M-D2P-B3 Processor: Intel® Core i3-2120 CPU @ 3.30GHz | Socket 1155 | 3300/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 895.899 GiB free. D: is CDROM () E: is Removable . 
==== Disabled Device Manager Items ============= . Class GUID: Description: Deskjet 1000 J110 series Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001 Manufacturer: Name: Deskjet 1000 J110 series PNP Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001 Service: . ==== System Restore Points =================== . RP9: 6/9/2013 1:42:07 PM - Windows Update RP10: 6/9/2013 5:17:17 PM - Windows Update RP11: 6/9/2013 6:37:07 PM - Windows Update RP12: 6/11/2013 5:16:50 PM - Windows Update RP13: 6/12/2013 1:47:09 AM - Windows Update RP14: 6/18/2013 6:33:12 PM - Windows Update . ==== Installed Programs ====================== . Ad-Aware Antivirus Ad-Aware Security Add-on Adobe Flash Player 11 Plugin ATI Catalyst Install Manager ATI Problem Report Wizard HydraVision Intel® Control Center Intel® Management Engine Components Kaspersky Internet Security 2013 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Visual C++ 2005 Redistributable (x64) Mozilla Firefox 21.0 (x86 en-US) Mozilla Maintenance Service ON_OFF Charge B11.0110.1 Quest for Glory Collection Series Quest for Glory V: Dragon Fire Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile 
(KB2836939) . ==== Event Viewer Messages From Past Week ======== . 6/20/2013 4:09:37 PM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. . ==== End Of File ===========================
  21. Many things have happened to my computer since I did a clean install.
      * Was unable to delete a partition (my D drive had a partition I wanted to delete because I had WD Acronis installed and had transferred my partition to my (current) C drive).
      * Malwarebytes Anti-Malware would not let me enable "website blocking" and would inadvertently turn off when I was able to enable it.
      * Kaspersky wouldn't update after I ran Windows Update (I always update it and run a virus scan before rebooting to scan new updates for viruses/malware).
      * Malwarebytes Anti-Malware refused to load after Windows Update and installing Internet Explorer 8.
      * When I rebooted after installing Internet Explorer 8, Windows hung on my desktop with no icons, and a message on the left top corner of the screen said "loading personal settings" when I haven't set up Internet Explorer. The only user on my PC is me and no one else! Computer is slow on start up and Kaspersky takes 2 or more minutes to load into the task bar.
      * Malwarebytes Anti-Malware is slow to start when I want to open it to do a manual scan.
      * Computer generally slow, Internet Explorer 8 slow to open, takes nearly a minute for browser to pop up.
      * Windows Update site slow to load.
      Sorry! First time on this forum, I misinterpreted the instructions, only human. I'll post the dds and attach.txt here:
  22. I am currently having some computer problems and I have tried every way I know to fix it. What happens is that I have random sound clips playing for no apparent reason. Be it a 20 second song clip, advertisement, whatever. It only happens when I am connected to the internet, and when I connect my laptop to my flat-screen TV through HDMI when I want to watch a movie. It doesn't happen when I disconnect my Wi-Fi. Now I know it's not advertisements from a browser because it does it when I shut everything down. It's not a browser playing these sounds; I have pulled up Task Manager and closed every process except for the mandatory ones. I have rebooted my computer in safe mode and run a Malwarebytes scan and a Kaspersky TDSSKiller scan. They both brought up nothing. Neither did a Norton scan nor a Kaspersky scan. I am running Windows 7 on an HP DV4-2142nr 64-bit laptop. Any questions, thoughts, suggestions or recommendations are most welcome. Thanks.
  23. Hello, Thanks for the killer AV product. I use it at home and at work. We just recently purchased multiple Corporate licenses. I installed these licenses on our machines, some XP and some Vista. Then I tried to install Kaspersky Antivirus on top of that. However, during the install, I got an error where Kaspersky Antivirus viewed Malwarebytes as a conflicting program. The version of Kaspersky that we are installing is a special one - we use a hardware firewall by Sonicwall, and that device enforces a Client AV policy on all workstations: they must install Kaspersky AV before being allowed to access the internet when this policy is active. We installed Malwarebytes first, then ran into the unexpected conflict issue - Kaspersky wouldn't let us install itself. We were instructed to remove Malwarebytes. Personally, I don't trust any one AV program alone to stop all the malware that Malwarebytes can. I want to make the two programs play nice. How would I go about doing this? Note that the Antivirus may be configured in either its own interface and/or through the Sonicwall Firewall admin interface. Thanks!
  24. I hope I didn't mess up this computer too much!!! I'd be happy to turn off Avast, Symantec and Kaspersky and run a program which will help, hint hint. When I 'disable' Kaspersky for '1 hour' for a minute, I am sometimes given a warning that 480 connections will be closed. After running a series of deep scans, boot scans, etc., and resetting my TCP values to Windows defaults using TCP Optimizer, I am sometimes able to take control of my computer and get online. Searching for real answers brings me here: Please help if you can, please and thanks.!!!! I think I found the set of virii which attacked Toledo Police....
C:\windows\System32\BestPractices 2012-01-30 16:15:17 -------- d-----w- C:\inetpub 2012-01-30 16:07:22 0 ---ha-w- C:\Users\Richard\AppData\Local\BITCA62.tmp . ==================== Find3M ==================== . 2012-02-21 05:52:13 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-20 02:24:00 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-01-29 13:10:42 279656 ------w- C:\windows\System32\MpSigStub.exe 2012-01-27 02:45:08 15672 ----a-w- C:\windows\System32\drivers\SWDUMon.sys 2012-01-19 03:11:11 0 ----a-w- C:\windows\SysWow64\sho3894.tmp 2012-01-13 06:58:07 0 ----a-w- C:\windows\SysWow64\sho478F.tmp 2012-01-12 23:01:55 0 ----a-w- C:\windows\SysWow64\sho55DC.tmp 2011-12-14 07:11:03 2308096 ----a-w- C:\windows\System32\jscript9.dll 2011-12-14 07:04:30 1390080 ----a-w- C:\windows\System32\wininet.dll 2011-12-14 07:03:38 1493504 ----a-w- C:\windows\System32\inetcpl.cpl 2011-12-14 06:57:28 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2011-12-14 03:04:54 1798656 ----a-w- C:\windows\SysWow64\jscript9.dll 2011-12-14 02:57:18 1127424 ----a-w- C:\windows\SysWow64\wininet.dll 2011-12-14 02:56:58 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2011-12-14 02:50:04 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb . ============= FINISH: 23:03:46.15 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/6/2012 2:02:14 PM System Uptime: 2/28/2012 7:05:11 PM (4 hours ago) . Motherboard: LENOVO | | Base Board Product Name Processor: Intel® Pentium® CPU B960 @ 2.20GHz | CPU1 | 2200/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 422 GiB total, 365.584 GiB free. D: is FIXED (NTFS) - 29 GiB total, 26.818 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP92: 2/24/2012 5:40:55 AM - avast! 
Free Antivirus Setup RP93: 2/24/2012 5:43:44 AM - avast! Free Antivirus Setup RP94: 2/24/2012 1:56:37 PM - Windows Update RP95: 2/24/2012 7:44:49 PM - Installed TuneUp Utilities 2012 RP96: 2/24/2012 8:43:14 PM - Removed TuneUp Utilities 2012 RP97: 2/24/2012 8:43:46 PM - Removed TuneUp Utilities Language Pack (en-US) RP98: 2/25/2012 8:10:22 PM - Restore Operation RP99: 2/26/2012 7:00:52 PM - Windows Backup RP100: 2/27/2012 1:28:08 PM - OTL Restore Point - 2/27/2012 1:28:05 PM RP101: 2/27/2012 1:28:39 PM - OTL Restore Point - 2/27/2012 1:28:39 PM RP102: 2/28/2012 5:44:13 PM - Restore Operation . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) Ask Toolbar Atheros Client Installation Program Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver avast! Free Antivirus Connection Keeper Connection Monitor Connectivity Fixer Download Manager DriverUpdate ElephantDrive Desktop Energy Management Glary Utilities 2.42.0.1389 Google Chrome Google Update Helper InstallIQ Updater Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Itibiti RTC Java Auto Updater Java 6 Update 31 Junk Mail filter update Kaspersky Anti-Virus 2012 Knctr Lenovo Driver Download Manager Lenovo EasyCamera Lenovo Games Console Lenovo OneKey Recovery Lenovo YouCam Mesh Runtime Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 10.0.2 (x86 en-US) Mozilla Thunderbird 10.0.2 (x86 en-US) MSRedx64 MSVCRT MSVCRT_amd64 NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111 NirSoft WirelessNetView Norton AntiVirus Norton Management Norton Online Norton Safety Minder ooVoo ooVoo toolbar, 
powered by Ask.com Updater Pando Media Booster Power Tab Editor 1.7 Power2Go Realtek USB 2.0 Reader Driver ReImageCompanion Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) SendSpace Wizard Skype™ 5.8 Star Trek Online Super Speed Internet & Browser Assistant SySpeed TransferBigFiles Desktop Client Trojan Remover 6.8.2 TuneUp Utilities Language Pack (en-US) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) UserGuide Webcam 1-2-3 WeFi 4.0.1.0 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series WinUtilities 10.41 Professional Edition Wireless Wizard ver 5.2 . ==== Event Viewer Messages From Past Week ======== . 2/28/2012 7:09:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service. 2/28/2012 7:09:34 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
2/28/2012 7:09:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 2/28/2012 7:08:07 PM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). 2/28/2012 7:05:44 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. 2/28/2012 5:54:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect. 2/28/2012 5:54:35 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/28/2012 5:54:35 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007041d'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 2/28/2012 5:44:46 PM, Error: Service Control Manager [7034] - The ElephantDrive-MappedDrive service terminated unexpectedly. It has done this 1 time(s). 2/27/2012 9:51:42 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
2/27/2012 9:51:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 2/27/2012 9:51:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 2/27/2012 9:51:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 2/27/2012 9:51:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 2/27/2012 9:51:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 2/27/2012 9:51:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 2/27/2012 9:40:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx64 BPntDrv ccSet_NAV DfsC discache eeCtrl IDSVia64 kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf 2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 2/27/2012 9:36:08 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JOSE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{73B8F4AE-6469-4024-9029-8469BCCB146F}. The master browser is stopping or an election is being forced. 2/27/2012 6:17:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect. 2/27/2012 6:17:17 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/26/2012 9:03:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV SymIRON SymNetS 2/26/2012 5:04:57 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. 2/26/2012 3:31:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service. 2/26/2012 12:11:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service. 2/26/2012 12:11:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service. 2/26/2012 12:10:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service. 
2/25/2012 8:58:17 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 2/25/2012 8:39:09 PM, Error: IPRIP [29053] - IPRIP could not join the multicast group 224.0.0.9 on the local interface with IP address 169.254.228.96. The data is the error code. 2/25/2012 8:39:09 PM, Error: IPRIP [29052] - IPRIP could not request multicasting on the local interface with IP address 169.254.228.96. The data is the error code. 2/25/2012 8:22:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 2/25/2012 8:19:35 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully.. 2/23/2012 12:09:21 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s). 2/23/2012 11:25:08 AM, Error: IPRIP [29053] - IPRIP could not join the multicast group 224.0.0.9 on the local interface with IP address 192.168.1.113. The data is the error code. 2/22/2012 3:18:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV KLIM6 SymIRON SymNetS 2/21/2012 11:40:43 AM, Error: Microsoft Antimalware [3002] - 2/21/2012 10:21:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV KLIM6 SymIRON 2/21/2012 1:37:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 BPntDrv ccSet_NAV DfsC discache eeCtrl IDSVia64 KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf . 
==== End Of File ===========================

From RichJacoby, additional info: I have a set of png's from various screen captures of different warnings etc., such as NPFS32.dll is infected; Norton:trojan.adh.2 has been removed...

On my first run of Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Richard :: FRED [administrator]

Protection: Enabled

2/18/2012 8:39:02 PM
mbam-log-2012-02-18 (20-39-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284132
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files (x86)\DictionaryBoss\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Users\Richard\Downloads\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\Users\Richard\Downloads\jenkatarcade.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Users\Richard\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\installKeys.js (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\LOGO.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\chrome\v4ffxtbr.jar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

(end)