Jump to content

Search the Community

Showing results for tags 'Pum.hijack.StartMenu'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 14 results

  1. Hi, I'm new to the Forum. I have tried researching the topic online and contacting MBAM support directly. Neither has helped so far. I think that is, in part, due to the fact that I want to understand what is going on before jumping on a removal process. From MBAM's own website: "The 'PUM' (Potentially Unwanted Modification) detections are not false positives or actual infections but rather settings which you may have made and in some cases, malware also makes. So we scan those sections of the registry for changes which differ from default settings. If you made the modification, you can add them to ignore after your next scan or allow them to be set to Microsoft default settings by our software." But how do I really know if the detected PUM is something I should keep or remove? I've attached an image of what the screen looks like when MBAM finishes its scan. I'll also include the log information in an attachment and in the body below. In the days leading up to this problem, I did make some changes. Kaspersky Internet Security (KIS) wasn't updating, a problem I have experienced before. After troubleshooting the matter, I had to do an uninstall/reinstall. Unlike previous uninstall/reinstall instructions, this time I was not told to use the Kavremover tool. I also took steps to update the NVIDIA driver and downloaded a new program called DrawPlus by Serif. So, I have been wondering if one of the actions I took did change something on the StartMenu; but I am not experienced enough to figure it out. Googling only took me so far and there's a lot to process. During the uninstall/reinstall of KIS, I did have to turn off the firewall too. So, maybe it isn't an action I took but an actual piece of malware that got in during that time? But the question remains: How do I know the difference? I don't want to prematurely remove the PUM only to cause other problems down the line in the registry. I am happy to provide the logs and screen shots needed to help you help me figure this out. Just know that I'll need you to tell me how to get you the logs . The log I can give you now is the most recent. I tried the NVIDIA Rollback tool to see if that made a difference. The only difference I noted was that the information in the brackets following the PUM location changed. Again, I don't know what that even means. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/25/2015 Scan Time: 5:10 PM Logfile: 25 August 2015 - FORUM.txt Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.08.25.07 Rootkit Database: v2015.08.16.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Owner Scan Type: Threat Scan Result: Completed Objects Scanned: 423279 Time Elapsed: 19 min, 27 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 1 PUM.Hijack.StartMenu, HKU\S-1-5-21-683834285-2108896767-324524410-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),,[d8330706acdffe3830e05ef9da2b45bb] Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Okay, I think that's it. I very much look forward to your replies. Your help and input is most welcome and appreciated. Image MBAM Results.docx 25 August 2015 - FORUM.txt
  2. Hi, i recently reinstalled my system to refresh some things, i do this occasionally. Before I reinstalled I did a scan with MBAM, everything came up clean. After reinstalling all my programs on the new installation, i received a notification from MBAM that it had found 'PUM.Hijack.StartMenu' during a routine scan. The programs I installed were from their official sites, others using Ninite (https://ninite.com/). I then decided to download a paid app called Xplorer2 (http://www.zabkat.com/) which I have abandoned in the past, because i thought it was the cause for a "Hijack.Drives" i caught long ago. For those unaware, Xplorer2 is basically a Windows Explorer replacement. I am beginning to think Xplorer2 is the same reason for the 'PUM.Hijack.StartMenu' i just caught. There is a setting inside Xplorer2 which allows you to make Xplorer2 the 'default' explorer, which does have to make necessary changes to the registry in order for the app to trigger in place of Windows Explorer. I'll attach an image of this feature and the MBAM log in the coming hours. What do you guys think? Is this a legitimate find, or should i un-quarantine it from MBAM if it's needed for Xplorer2? 'Hijack.Drives' is likely to similar to 'PUM.Hijack.Startmenu', just sounds slightly different because of the new MBAM 2.0 interface.. but i could be wrong. I found this little bit from Malwaretips.com:
  3. Hello there, I'm new to these forums and I was wondering if I could receive help. I've been infected with really a really bad virus/viruses and symptoms started about 3 days ago. Yesterday I downloaded Malwarebytes and ran a full scan on and it found PUM.hijack.startmenu so I had it deleted but I'm still having bad virus symptoms like hard disk errors and repairs logs upon startup. I'd also like to add that chrome does NOT respond when trying to load a website. Internet explorer seems to work fine. My computer is also extremely slow and unresponsive at times. Another interesting fact is that recycle bin does not allow the deletion of programs and I get a "windows explorer has stopped working" popup and the bin closes. DDS.TXT DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.21.2 Run by Owner at 17:40:12 on 2013-07-10 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2452 [GMT -4:00] . AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA} SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Tablet\Pen\WTabletServiceCon.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Tablet\Pen\Pen_TabletUser.exe C:\Program Files\Tablet\Pen\WacomHost.exe C:\Program Files\Tablet\Pen\Pen_Tablet.exe C:\Program Files\Tablet\Pen\Pen_TouchUser.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\Bamboo Dock\BambooCore.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup mRun: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{0BB952C8-0B8E-49CA-9976-0F9BB4193735} : DHCPNameServer = 75.75.75.75 75.75.76.76 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned> x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\whb7snl9.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: network.proxy.type - 0 . ============= SERVICES / DRIVERS =============== . P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-10-20 8704] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-14 55856] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-4-12 283200] R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-14 13336] R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-9 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-9 701512] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-14 1692480] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208] R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064] R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-5 4153184] R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-3-25 619904] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256] R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-9 25928] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-14 236544] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448] S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-3-25 13728] S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-10-14 138752] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704] S3 LVUVC64;Logitech QuickCam E3500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288] S3 slb;slb;C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [2013-3-14 81880] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-3-25 81824] S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-4-6 18288] S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-3-25 15776] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-31 1255736] . =============== Created Last 30 ================ . 2013-07-10 15:44:29 -------- d-sh--w- C:\$RECYCLE.BIN 2013-07-10 01:59:52 -------- d-----w- C:\ComboFix 2013-07-10 01:38:23 98816 ----a-w- C:\Windows\sed.exe 2013-07-10 01:38:23 256000 ----a-w- C:\Windows\PEV.exe 2013-07-10 01:38:23 208896 ----a-w- C:\Windows\MBR.exe 2013-07-09 22:22:56 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-07-09 22:22:38 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-07-09 22:22:38 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-07-09 20:25:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes 2013-07-09 20:25:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-07-09 20:25:34 -------- d-----w- C:\ProgramData\Malwarebytes 2013-07-09 20:25:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-09 20:24:55 -------- d-----w- C:\Users\Owner\AppData\Local\Programs 2013-07-09 18:06:31 -------- d-----w- C:\TMRescueDisk 2013-07-09 18:01:49 97592 ----a-w- C:\Windows\System32\drivers\tmeevw.sys 2013-07-09 18:01:49 210232 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys 2013-07-09 18:01:49 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys 2013-07-09 18:01:48 76672 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys 2013-07-09 18:01:48 46392 ----a-w- C:\Windows\System32\drivers\TMEBC64.sys 2013-07-09 18:01:48 173504 ----a-w- C:\Windows\System32\drivers\tmcomm.sys 2013-07-09 18:01:48 106000 ----a-w- C:\Windows\System32\drivers\tmactmon.sys 2013-07-09 18:00:15 59 ----a-w- C:\Windows\System32\SupportTool.exe.bat 2013-07-09 17:58:33 -------- d-----w- C:\Program Files\Trend Micro 2013-07-09 17:40:29 -------- d-s---w- C:\Windows\SysWow64\Microsoft 2013-07-08 22:14:08 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} 2013-07-08 22:14:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\IObit 2013-07-08 22:14:05 -------- d-----w- C:\ProgramData\IObit 2013-07-08 01:06:26 -------- d-----w- C:\Program Files\AVAST Software 2013-07-08 01:05:59 -------- d-----w- C:\ProgramData\AVAST Software 2013-07-08 00:53:52 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-07-07 23:48:24 -------- d-----w- C:\Users\Owner\AppData\Roaming\WTablet 2013-07-07 18:30:59 -------- d-----w- C:\Program Files (x86)\Pixologic 2013-06-23 20:48:59 -------- d-----w- C:\Users\Owner\AppData\Local\ACCCx181 2013-06-19 12:39:49 -------- d-----w- C:\Program Files (x86)\Samsung 2013-06-19 12:30:10 57344 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe 2013-06-19 12:30:10 57344 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe 2013-06-19 12:30:10 53248 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\ARPPRODUCTICON.exe 2013-06-19 12:29:43 -------- d-----w- C:\Program Files\SAMSUNG 2013-06-19 12:29:29 -------- d-----w- C:\ProgramData\Samsung 2013-06-19 12:29:15 -------- d-----w- C:\Users\Owner\AppData\Roaming\VERIZON 2013-06-19 12:26:56 -------- d-----w- C:\Users\Owner\AppData\Local\{ACD6EA74-D9D7-40E0-B0E7-85AA58F546B2} 2013-06-18 01:15:52 -------- d-----w- C:\Program Files (x86)\Anki . ==================== Find3M ==================== . 2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-06-11 23:31:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-11 23:31:21 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-04 13:15:02 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys 2013-06-04 13:15:00 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-04-25 22:05:16 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys . ============= FINISH: 17:40:34.74 =============== ATTACH.TXT . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 11/21/2010 5:06:47 PM System Uptime: 7/10/2013 5:15:54 PM (0 hours ago) . Motherboard: Dell Inc. | | 018D1Y Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz | CPU 1 | 3003/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 456 GiB total, 243.874 GiB free. D: is CDROM (CDFS) E: is Removable F: is Removable G: is Removable H: is Removable J: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 10 Adobe Photoshop.com Inspiration Browser Adobe Reader XI Adobe Shockwave Player 11.6 Aeria Ignite Akamai NetSession Interface AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Anki Apple Application Support Apple Mobile Device Support Apple Software Update Application Profiles Archeblade ATI AVIVO64 Codecs Autodesk SketchBook Express 2011 sp2 Bamboo Dock Bamboo Tablets Tutorial Bandisoft MPEG-1 Decoder Beatport Downloader Best Buy pc app Bonjour Brawl Busters Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco Connect Cisco Network Magic Consumer In-Home Service Agreement D3DX10 DAEMON Tools Pro Advanced v5.2.0.0348 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Communications (Support Software) Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Edoc Viewer Dell Getting Started Guide Derpy_Lava_Lamp DFOLauncher Dota 2 DragonNest Elements 10 Organizer F.lux Free FLAC to MP3 Converter 1.0 Google Chrome Google Drive Google Toolbar for Internet Explorer Google Update Helper GoToAssist 8.0.0.514 gpedt.msc 1.0 Guild Wars 2 Hi-Rez Studios Authenticate and Update Service Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HTC BMP USB Driver HTC Driver Installer HTC Sync Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Rapid Storage Technology iTunes Java 7 Update 21 Java Auto Updater Java 6 Update 20 (64-bit) Java 6 Update 33 Junk Mail filter update Last.fm Scrobbler 2.1.35 League of Legends Logitech Webcam Software Mabinogi Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Starter 2010 - English Microsoft Office Word MUI (English) 2010 Microsoft PowerPoint Viewer Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MicroVolts Mozilla Firefox 9.0.1 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) Network Magic Nexon Game Manager NVIDIA PhysX OnLive ooVoo OpenOffice.org 3.4.1 Pando Media Booster PSE10 STI Installer PunkBuster Services Pure Networks Platform QuickTime Ragnarok Online 2 Realtek High Definition Audio Driver ROBLOX Player Rosetta Stone Version 3 Roxio Burn SAMSUNG USB Driver for Mobile Phones Scarlet Blade Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Simple Adblock Skype Click to Call Skype™ 6.5 Spelling Dictionaries Support For Adobe Reader 9 StarCraft II Steam SUABnR swMSM TeamViewer 8 TestHear 2.0.13.5 - Biology ePAT TestHear 2.0.13.5 - Geometry ePAT Tribes: Ascend Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Ventrilo Client for Windows x64 Verizon Wireless Software Upgrade Assistant - Samsung(ar) Verizon Wireless Software Utility Application for Android - Samsung Vindictus Wacom Warframe WebTablet FB Plugin 32 bit WebTablet FB Plugin 64 bit WebTablet IE Plugin WebTablet Netscape Plugin Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 (64-bit) WModem Driver Installer Xfire (remove only) . ==== Event Viewer Messages From Past Week ======== . 7/9/2013 9:57:08 PM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s). 7/9/2013 9:51:46 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 7/9/2013 9:37:37 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s). 7/9/2013 8:33:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 7/9/2013 3:36:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000074 (0x0000000000000002, 0xfffff88004d04ae0, 0x0000000000000002, 0xffffffffc000014d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070913-19437-01. 7/9/2013 3:21:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 7/9/2013 3:20:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 7/9/2013 3:20:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 7/9/2013 3:19:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmactmon tmevtmgr tmtdi Wanarpv6 WfpLwf 7/9/2013 3:19:39 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/9/2013 3:19:39 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 7/9/2013 3:19:39 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 7/9/2013 3:19:39 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 7/9/2013 3:19:39 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 7/9/2013 3:19:39 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 7/9/2013 3:19:39 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/9/2013 3:19:39 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/9/2013 3:19:39 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 7/9/2013 3:19:39 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 7/9/2013 3:11:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect. 7/9/2013 3:11:43 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/9/2013 3:05:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 7/9/2013 10:10:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 7/8/2013 8:21:01 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s). 7/8/2013 7:33:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service. 7/8/2013 6:14:11 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 7/8/2013 4:33:05 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. 7/8/2013 4:25:58 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 7/8/2013 4:25:43 PM, Error: Service Control Manager [7034] - The Wacom Consumer Service service terminated unexpectedly. It has done this 1 time(s). 7/8/2013 4:25:21 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s). 7/8/2013 4:25:04 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 7/8/2013 3:51:38 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 7/8/2013 3:51:38 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 7/8/2013 3:51:38 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 7/8/2013 3:51:38 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 7/8/2013 3:51:38 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 7/8/2013 3:51:38 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 7/8/2013 3:51:38 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 7/8/2013 3:51:38 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 7/8/2013 3:51:38 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 7/8/2013 3:51:38 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 7/7/2013 9:22:38 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. 7/10/2013 5:18:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 7/10/2013 5:18:40 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/10/2013 5:16:07 PM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified. 7/10/2013 5:00:47 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:. 7/10/2013 3:52:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58} 7/10/2013 12:46:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 7/10/2013 11:58:39 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/10/2013 11:58:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 7/10/2013 11:58:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 7/10/2013 11:58:37 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 7/10/2013 11:58:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/10/2013 11:58:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 7/10/2013 11:58:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 7/10/2013 11:58:22 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 7/10/2013 11:45:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. 7/10/2013 11:40:20 AM, Error: Service Control Manager [7022] - The Windows Modules Installer service hung on starting. . ==== End Of File =========================== Thanks again
  4. Hello, Malwarebytes! I just downloaded Malwarebytes this morning because I thought that a rogueware that I removed a while ago had left a rootkit. The rogueware was Vista Home Security 2012. Kaspersky claimed to have cleaned it all, but my computer has been acting worse and worse. During quick scan, Malwarebytes found PUM.Hijack.StartMenu. I don't know what it is, and I found little explanation about it on Google. What I did find was that it takes a lengthy process in removal. Therefore, I have a few questions. What is PUM.Hijack.StartMenu? How can I make sure it is completely removed? Is the process of removal the same for all computers? (I have a Windows Vista Home 32bit.)
  5. Hey! My laptop was acting incredibly slow (internet as well... photos were taking forever to load!) so I donwloaded malewarebytes and it said I had a PUM.Hijack.StartMenu... not sure what it is, looks like it might be able to access my computer through a "backdoor"? Anyways, I'm following the instructions here, and really need some help! Thanks so much in advance! DDS.txt: ----------0-------------------------- DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2 Run by User at 10:45:30 on 2013-03-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.1044 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\windows\system32\taskhost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\System32\rundll32.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe C:\Windows\Samsung\PanelMgr\caller64.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\System32\svchost.exe -k swprv C:\windows\system32\igfxsrvc.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.ergative.com/ uDefault_Page_URL = hxxp://samsung.msn.com mStart Page = hxxp://samsung.msn.com mWinlogon: Userinit = userinit.exe, BHO: MRI_DISABLED - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{5D7A9347-328D-44D5-94EF-478A7D7C2048} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{5D7A9347-328D-44D5-94EF-478A7D7C2048}\05965646271625F6A616 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{5D7A9347-328D-44D5-94EF-478A7D7C2048}\05965646271625F6A616F5548545 : DHCPNameServer = 192.168.1.254 192.168.1.2 TCP: Interfaces\{5D7A9347-328D-44D5-94EF-478A7D7C2048}\65F6E62427F6F6B6C697E6 : DHCPNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{5D7A9347-328D-44D5-94EF-478A7D7C2048}\65F6E654163747 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{5D7A9347-328D-44D5-94EF-478A7D7C2048}\C45602051696E6021557F64796469656E6 : DHCPNameServer = 192.168.180.1 TCP: Interfaces\{5D7A9347-328D-44D5-94EF-478A7D7C2048}\D496649643632303C45402A45647071636B6026433636402355636572756 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{C93A6E3F-D3AD-4BC2-A1D8-AFDD6A3DB07C} : DHCPNameServer = 75.75.75.75 75.75.76.76 8.8.8.8 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\windows\System32\DreamScene.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ejkradh3.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - hxxps://www.google.com/search?q= FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-4-18 13824] R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\windows\System32\drivers\CipcCdp.sys [2010-4-12 27200] R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896] R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672] R2 SSPORT;SSPORT;C:\windows\System32\drivers\SSPORT.SYS [2012-3-7 11576] R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-10-23 344616] R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-10-23 39464] R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-4-18 111616] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2010-7-8 401696] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-25 398184] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-25 682344] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-11-22 245760] S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\System32\drivers\motfilt.sys [2009-1-29 6144] S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-3-25 24176] S3 motccgp;Motorola USB Composite Device Driver;C:\windows\System32\drivers\motccgp.sys [2011-4-4 21504] S3 motccgpfl;MotCcgpFlService;C:\windows\System32\drivers\motccgpfl.sys [2009-1-29 9216] S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\System32\drivers\Motousbnet.sys [2010-4-1 26624] S3 motusbdevice;Motorola USB Dev Driver;C:\windows\System32\drivers\motusbdevice.sys [2011-11-8 11776] S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-11-3 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-30 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-03-25 17:48:38 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85F9B79C-AD1D-42C0-B19C-EAE26A03DF14}\offreg.dll 2013-03-25 17:40:36 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes 2013-03-25 17:40:21 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-25 17:40:19 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-03-25 17:40:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-25 17:40:04 -------- d-----w- C:\Users\User\AppData\Local\Programs 2013-03-25 13:29:25 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85F9B79C-AD1D-42C0-B19C-EAE26A03DF14}\mpengine.dll 2013-03-22 17:56:15 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-21 13:33:21 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{01020027-54A5-47BC-A8BB-890C978EE492}\gapaengine.dll 2013-02-28 14:10:50 2776576 ----a-w- C:\windows\System32\msmpeg2vdec.dll 2013-02-28 14:09:48 3928064 ----a-w- C:\windows\System32\d2d1.dll 2013-02-28 14:09:46 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll . ==================== Find3M ==================== . 2013-03-13 15:21:55 73432 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 15:21:55 693976 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-02-28 13:57:26 1188864 ----a-w- C:\windows\System32\wininet.dll 2013-02-28 13:37:29 981504 ----a-w- C:\windows\SysWow64\wininet.dll 2013-02-28 12:03:52 1638912 ----a-w- C:\windows\System32\mshtml.tlb 2013-02-28 11:38:43 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll 2013-01-30 10:53:22 273840 ------w- C:\windows\System32\MpSigStub.exe 2013-01-20 20:59:04 230320 ----a-w- C:\windows\System32\drivers\MpFilter.sys 2013-01-20 20:59:04 130008 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys 2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll 2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll 2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll 2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll 2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll 2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll 2013-01-05 05:53:43 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-01-05 05:00:15 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00:11 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-01-04 06:11:21 2284544 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll 2013-01-04 05:46:09 215040 ----a-w- C:\windows\System32\winsrv.dll 2013-01-04 04:51:16 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-01-04 03:26:48 3153408 ----a-w- C:\windows\System32\win32k.sys 2013-01-04 02:47:35 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-01-04 02:47:34 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-01-04 02:47:34 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-01-04 02:47:33 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00:54 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-01-03 06:00:42 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS . ============= FINISH: 10:45:44.48 =============== Attach.txt --------------0--------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 10/23/2011 12:15:50 PM System Uptime: 3/25/2013 2:44:38 PM (20 hours ago) . Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV410/RV510/S3510/E3510 Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 280 GiB total, 201.12 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Broadcom 802.11n Network Adapter Device ID: PCI\VEN_14E4&DEV_4727&SUBSYS_7179144F&REV_01\4&2BCEBCDB&0&00E5 Manufacturer: Broadcom Name: Broadcom 802.11n Network Adapter PNP Device ID: PCI\VEN_14E4&DEV_4727&SUBSYS_7179144F&REV_01\4&2BCEBCDB&0&00E5 Service: BCM43XX . ==== System Restore Points =================== . RP228: 2/26/2013 9:35:03 AM - Windows Update RP229: 2/28/2013 9:08:23 AM - Windows Update RP230: 3/4/2013 9:19:07 AM - Windows Update RP231: 3/7/2013 11:34:17 AM - Windows Update RP232: 3/11/2013 9:42:29 AM - Windows Update RP233: 3/13/2013 2:22:08 PM - Windows Update RP234: 3/18/2013 9:22:56 AM - Windows Update RP235: 3/22/2013 1:54:07 PM - Windows Update RP236: 3/22/2013 3:29:55 PM - Removed Samsung Update Plus RP237: 3/22/2013 3:33:49 PM - Removed Samsung Recovery Solution 5 RP238: 3/22/2013 3:52:02 PM - Removed Samsung Support Center RP239: 3/22/2013 3:53:35 PM - Removed Samsung AnyWeb Print RP240: 3/22/2013 3:55:02 PM - Removed Easy SpeedUp Manager . ==== Installed Programs ====================== . ???? ??? Windows Live ???? Windows Live ????? Windows Live ?????? ??????? ?? Windows Live ???????? ?????????? Windows Live ?????????? Windows Live ??????????? ?? Windows Live Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Client Installation Program „Windows Live Essentials“ „Windows Live Mail“ „Windows Live Messenger“ „Windows Live“ fotogalerija BatteryLifeExtender Bonjour Broadcom 802.11 Network Adapter Brother MFL-Pro Suite HL-2280DW Brother MFL-Pro Suite MFC-J630W Cisco IP Communicator CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dropbox Easy Display Manager Easy Network Manager EasyBatteryManager ETDWare PS/2-X64 8.0.7.0_WHQL Fotogalerija Windows Live Galeria de Fotografias do Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Galerie foto Windows Live Galería fotográfica de Windows Live Google Chrome Google Gmail Notifier Google Talk Plugin HS CardReader IBIS Intel® Graphics Media Accelerator Driver Intel® Rapid Storage Technology iTunes Java 7 Update 9 Java Auto Updater Java 6 Update 33 Junk Mail filter update Maintenance Samsung ML-191x 252x Series Malwarebytes Anti-Malware version 1.70.0.1100 Marvell Miniport Driver Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MotoHelper 2.1.32 Driver 5.4.0 MotoHelper MergeModules Motorola Mobile Drivers Installation 5.4.0 Mozilla Firefox 15.0 (x86 en-US) Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) Norton Online Backup Nuance PaperPort 12 Nuance PDF Viewer Plus PaperPort Image Printer 64-bit Poczta uslugi Windows Live Podstawowe programy Windows Live Pošta Windows Live Raccolta foto di Windows Live Realtek High Definition Audio Driver S?????? f?t???af??? t?? Windows Live Samsung AnyWeb Print Scansoft PDF Professional Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Skype Click to Call Skype™ 6.1 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition User Guide VLC media player 2.0.5 Vuze WIDCOMM Bluetooth Software Winamp Winamp Detector Plug-in Windows Live Windows Live ?? Windows Live ?? ??? Windows Live ??? Windows Live ???? Windows Live Communications Platform Windows Live Essentials Windows Live Fotótár Windows Live Foto-galerija Windows Live fotoattelu galerija Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotogaléria Windows Live Fotograf Galerisi Windows Live Galeria de Fotos Windows Live Galerija fotografija Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Pošta Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima . ==== Event Viewer Messages From Past Week ======== . 3/25/2013 9:48:22 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000001, 0xfffff880063e4ae6). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 032513-38282-01. 3/25/2013 5:58:46 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer. 3/25/2013 5:57:08 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{5D7A9347-328D-44D5-94EF-478A7D7C2048} because another computer on the network has the same name. The server could not start. 3/25/2013 5:57:08 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer. 3/25/2013 3:56:15 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. 3/25/2013 3:55:57 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 0.0.0.0. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer. 3/25/2013 12:42:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000001, 0xfffff880069edae6). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 032513-25069-01. 3/21/2013 9:52:57 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000001, 0xfffff880063dcae6). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 032113-28797-01. 3/21/2013 12:15:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service. . ==== End Of File ===========================
  6. Hello. I believe I've picked up a fake HDD virus. MBAM detects two PUM.Hijack.StartMenu items but stalls out when I attempt to remove. After clicking to a website from Google search, a PDF began auto-downloading in my Firefox downloads. Suddenly, programs began shutting down, and I started getting several critical HDD error messages: • "Device initialization failed" • "Critical Error. Drive sector not found error" • "Critical error. Hard drive controller failure" • "Data Error Reading Drive C:\" • "System message - Write Fault Error. A write command during the test has failed to complete. This may be due to a media or read/write error. The system generates an exception reference to an invalid system memory address." I tried to run MBAM, but the scan aborted after a few minutes and MBAM was shut down. I booted up in Safe Mode. All folders, files, system files, programs, documents, etc. are now unviewable. I was able to run MBAM.exe using the Run command. MBAM detects two PUM.Hijack.StartMenu items, but when I attempt to remove, MBAM freezes. I shut MBAM down and ran it again and was able to produce the log. MBAM and DDS logs below. Any help you can provide is very much appreciated. -------------------------------------------------------------------------------- Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.10.08 Windows 7 x64 FAT (Safe Mode) Internet Explorer 8.0.7600.16385 v :: V-PC [administrator] 9/15/2012 10:37:34 AM mbam-log-2012-09-15 (11-10-41).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 360753 Time elapsed: 31 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -------------------------------------------------------------------------------- . DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.7.2 Run by v at 11:15:58 on 2012-09-15 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6007.4713 [GMT -7:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\system32\taskmgr.exe C:\Program Files (x86)\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.nytimes.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [Google Update] "C:\Users\v\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [RMgOYWJNIRmTJbK.exe] C:\ProgramData\RMgOYWJNIRmTJbK.exe mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL Trusted Zone: alohaenterprise.com\nextstudent Trusted Zone: nextstudent.com\exchange DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9}\140707C65602E4564777F627B602564693632693 : DhcpNameServer = 10.0.1.1 TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9}\14E64627F696461405 : DhcpNameServer = 192.168.43.1 Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO-X64: Search Helper - No File BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [RMgOYWJNIRmTJbK.exe] C:\ProgramData\RMgOYWJNIRmTJbK.exe mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\g457744h.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/ FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\v\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-29 89600] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-29 13336] S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-29 689472] S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-29 2320920] S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?] S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] . =============== Created Last 30 ================ . 2012-09-10 23:12:52 379904 ---ha-w- C:\ProgramData\RMgOYWJNIRmTJbK.exe 2012-09-10 18:30:18 69000 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8A52000-996B-41D1-B1F7-728EC38EA79B}\offreg.dll 2012-09-08 17:20:51 9310152 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8A52000-996B-41D1-B1F7-728EC38EA79B}\mpengine.dll 2012-09-05 23:12:55 95208 ---ha-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-08-31 04:40:47 73696 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-08-25 02:48:21 -------- d--h--w- C:\Program Files (x86)\Amazon 2012-08-25 02:47:33 -------- d--h--w- C:\Program Files\Amazon . ==================== Find3M ==================== . 2012-09-05 23:12:51 746984 ---ha-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-05 23:09:16 73416 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-05 23:09:16 696520 ---ha-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-07-04 22:01:38 58880 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:01:38 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-06-27 07:03:25 1197568 ----a-w- C:\Windows\System32\wininet.dll 2012-06-27 06:59:12 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2012-06-27 06:03:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-27 06:01:19 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2012-06-27 05:41:43 482816 ----a-w- C:\Windows\System32\html.iec 2012-06-27 04:58:58 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-27 04:53:25 386048 ----a-w- C:\Windows\SysWow64\html.iec 2012-06-27 04:19:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-19 15:53:55 129024 ---ha-w- C:\Windows\RegBootClean64.exe 2012-06-19 15:53:41 21520 ---ha-w- C:\Windows\DCEBoot64.exe . ============= FINISH: 11:23:53.71 =============== -------------------------------------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 1/22/2011 11:58:55 PM System Uptime: 9/15/2012 10:25:16 AM (1 hours ago) . Motherboard: Dell Inc. | | 0G62V9 Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz | CPU 1 | 2533/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 581 GiB total, 464.071 GiB free. D: is CDROM () E: is Removable F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . RP165: 8/12/2012 11:01:41 PM - Windows Update RP166: 8/16/2012 12:24:32 AM - Windows Update RP168: 8/23/2012 11:02:05 PM - Windows Update RP169: 8/28/2012 7:23:09 PM - Windows Update RP170: 9/4/2012 7:41:30 AM - Windows Update RP171: 9/5/2012 4:10:17 PM - Installed Java 7 Update 7 RP172: 9/8/2012 10:20:02 AM - Windows Update . ==== Installed Programs ====================== . Across Lite Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.1 Advanced Audio FX Engine Amazon MP3 Downloader 1.0.15 Apple Application Support Apple Software Update Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system Consumer In-Home Service Agreement Cozi DAEMON Tools Lite dBpoweramp Music Converter Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell Support Center (Support Software) Dell Webcam Central Google Chrome GoToAssist 8.0.0.514 GoToMeeting 5.3.0.970 GPL Ghostscript Lite 8.70 IDT Audio Intel® Control Center Intel® Management Engine Components Intel® Rapid Storage Technology Java 7 Update 7 Java Auto Updater JavaFX 2.1.1 Junk Mail filter update Live! Cam Avatar Creator LoJack Factory Installer Malwarebytes Anti-Malware version 1.65.0.1400 Microsoft Choice Guard Microsoft Office 2010 Microsoft Office Professional Edition 2003 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 Redistributable Mozilla Firefox 15.0 (x86 en-US) Mozilla Maintenance Service MSVCRT QuickTime Realtek USB 2.0 Card Reader Rosetta Stone Version 3 Roxio Burn Security Update for CAPICOM (KB931906) Skype Toolbars Skype™ 4.2 VLC media player 1.1.11 WebEx WildTangent Games Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Player Firefox Plugin . ==== Event Viewer Messages From Past Week ======== . 9/15/2012 10:26:16 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 9/15/2012 10:26:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 9/15/2012 10:26:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 9/15/2012 10:26:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 9/15/2012 10:26:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 9/15/2012 10:26:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 9/15/2012 10:26:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 9/15/2012 10:25:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 9/15/2012 10:25:49 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. . ==== End Of File ===========================
  7. May the Elders of the Internet shine down upon you for your wonderful service! . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Sue Bufkin at 12:48:47 on 2012-09-30 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2339 [GMT -7:00] . AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\svchost.exe -k LocalService c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Program Files\SFT\GuardedID\gidd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\ALCFDRTM.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3014000 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Constant Guard Protection Suite: {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\documents and settings\all users\application data\white sky, inc\id vault\iebho1.12.829.1\NativeBHO.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL Trusted Zone: adp.com DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1313294508265 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{5C36588F-7B1E-438C-8B8D-F82762DBC115} : DhcpNameServer = 192.168.0.1 Notify: GIDLogonXP - GIDLogonXP.dll mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-17 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-17 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120919.001\BHDrvx86.sys [2012-9-22 995488] R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-11-25 25232] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-17 136312] R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-13 136176] R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-8-30 62064] R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-17 130008] R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-8-13 1756384] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120928.001\IDSXpx86.sys [2012-9-29 373728] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-8-13 57440] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-30 40776] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120929.018\NAVENG.SYS [2012-9-29 92704] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120929.018\NAVEX15.SYS [2012-9-29 1601184] R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656] R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2004-1-12 1252474] RUnknown DwProt;DwProt; [x] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250288] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-13 136176] S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\tp-link wireless configuration utility\wps\jswpsapi.exe [2011-8-13 360529] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-13 114144] S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2012-1-14 24880] . =============== Created Last 30 ================ . 2012-09-30 19:27:58 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-09-30 18:58:02 -------- d-----w- c:\documents and settings\sue bufkin\DoctorWeb 2012-09-30 18:47:01 -------- d-----w- c:\documents and settings\sue bufkin\application data\Malwarebytes 2012-09-30 18:43:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-09-30 18:43:02 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-30 18:43:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-30 18:24:32 -------- d-----w- c:\documents and settings\sue bufkin\application data\Tific 2012-09-30 16:31:26 -------- d-----w- c:\documents and settings\sue bufkin\application data\Auslogics 2012-09-30 16:30:28 -------- d-----w- c:\program files\Auslogics 2012-09-30 06:17:13 -------- d-----w- c:\documents and settings\sue bufkin\local settings\application data\Identities 2012-09-28 04:03:17 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-09-17 03:49:24 -------- d-----w- c:\program files\GUM12.tmp 2012-09-11 04:44:16 -------- d-----w- c:\documents and settings\sue bufkin\local settings\application data\White_Sky,_Inc . ==================== Find3M ==================== . 2012-09-22 17:16:42 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-22 17:16:42 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec 2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys 2000-06-08 14:12:30 463872 ----a-w- c:\program files\Convert.exe . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 . CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A687AB8] 3 CLASSPNP[0xBA118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000075[0x8A61EF18] 5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A61CD98] kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } user != kernel MBR !!! . ============= FINISH: 12:49:08.46 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 8/12/2011 10:50:29 PM System Uptime: 9/30/2012 11:08:12 AM (1 hours ago) . Motherboard: http://www.abit.com.tw/ | | IP35 PRO(P35+ICH9R) Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2520/280mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 443.307 GiB free. D: is CDROM () E: is FIXED (NTFS) - 1397 GiB total, 1338.626 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0 Manufacturer: Realtek Semiconductor Corp. Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0 Service: RTL8023xp . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&08F0 Manufacturer: Realtek Semiconductor Corp. Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #2 PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&08F0 Service: RTL8023xp . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Device ID: ACPI\ABT2005\3&2411E6FE&0 Manufacturer: Name: PNP Device ID: ACPI\ABT2005\3&2411E6FE&0 Service: . ==== System Restore Points =================== . RP116: 7/4/2012 10:03:56 AM - System Checkpoint RP117: 7/5/2012 9:19:24 PM - System Checkpoint RP118: 7/7/2012 8:43:08 AM - System Checkpoint RP119: 7/8/2012 12:25:15 PM - System Checkpoint RP120: 7/11/2012 10:31:00 PM - Software Distribution Service 3.0 RP121: 7/14/2012 10:39:46 AM - System Checkpoint RP122: 7/15/2012 10:50:03 AM - System Checkpoint RP123: 7/17/2012 9:06:32 PM - System Checkpoint RP124: 7/20/2012 8:55:40 PM - System Checkpoint RP125: 8/5/2012 9:49:27 PM - System Checkpoint RP126: 8/7/2012 1:35:00 PM - System Checkpoint RP127: 8/8/2012 7:00:25 PM - System Checkpoint RP128: 8/11/2012 9:34:31 AM - System Checkpoint RP129: 8/17/2012 7:03:18 AM - Software Distribution Service 3.0 RP130: 8/20/2012 9:51:23 PM - System Checkpoint RP131: 8/25/2012 8:51:53 AM - System Checkpoint RP132: 8/26/2012 10:46:58 AM - System Checkpoint RP133: 9/11/2012 7:43:32 PM - System Checkpoint RP134: 9/11/2012 10:46:27 PM - Software Distribution Service 3.0 RP135: 9/14/2012 7:36:27 PM - System Checkpoint RP136: 9/15/2012 8:18:26 PM - System Checkpoint RP137: 9/16/2012 9:15:12 PM - System Checkpoint RP138: 9/17/2012 9:32:05 PM - System Checkpoint RP139: 9/22/2012 10:15:36 AM - System Checkpoint RP140: 9/22/2012 5:13:40 PM - Software Distribution Service 3.0 RP141: 9/29/2012 10:20:04 AM - System Checkpoint . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Apple Application Support Apple Software Update Auslogics Registry Cleaner Bicycle Casino Compatibility Pack for the 2007 Office system Constant Guard Protection Suite CreataCard Plus 2 Creative WebCam NX Ultra Driver (1.01.03.0112) Google Earth Google Update Helper GuardedID High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) JMB36X Raid Configurer LightScribe 1.4.136.1 Logitech Harmony Remote Software 7 Malwarebytes Anti-Malware version 1.65.0.1400 Mavis Beacon Teaches Typing 16 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office File Validation Add-In Microsoft Office Standard Edition 2003 Microsoft Silverlight Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 6.0 Parser (KB925673) Nero 7 Essentials Norton Security Suite NVIDIA Drivers QuickTime REALTEK GbE & FE Ethernet PCI NIC Driver Realtek High Definition Audio Driver Remote Control USB Driver RemoteComms External Disk Access Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Segoe UI TL-WN822N Driver TP-LINK Wireless Configuration Utility Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB2345886) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VLC media player 1.1.11 WebFldrs XP Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format Runtime Windows Presentation Foundation Windows XP Service Pack 3 XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 9/30/2012 8:59:32 AM, error: AR9271 [5001] - TP-LINK Wireless N Adapter : Could not allocate the resources necessary for operation. . ==== End Of File =========================== Here are the results. Norton Anti Virus stopped Rouge Killer from running the first time, had to disable it and download another copy, second time ran fine. At this point the exe files still do not run properly, I can only run programs from task manager --> file --> run. Most do not run at all, firefox still runs this way, and notepad. Thanks Again a.6 Results of screen317's Security Check version 0.99.51 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! Please wait while WMIC is being installed.d i s p l a y N a m e ECHO is off. N o r t o n ECHO is off. S e c u r i t y ECHO is off. S u i t e ECHO is off. Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 Auslogics Registry Cleaner Adobe Flash Player 11.4.402.278 Adobe Reader X (10.1.4) Mozilla Firefox (15.0.1) ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 0% ````````````````````End of Log`````````````````````` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.003 - Logfile created 09/30/2012 at 19:16:47 # Updated 23/09/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Sue Bufkin - SUECOMPUTER # Boot Mode : Normal # Running from : C:\Documents and Settings\Sue Bufkin\My Documents\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Documents and Settings\Sue Bufkin\Application Data\PriceGong Folder Deleted : C:\Documents and Settings\Sue Bufkin\Local Settings\Application Data\Conduit Folder Deleted : C:\Program Files\Conduit ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\ConduitSearchScopes Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKCU\Software\PriceGong Key Deleted : HKCU\Software\SmartBar Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3014000 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Freeze.com ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3014000 --> hxxp://www.google.com -\\ Mozilla Firefox v15.0.1 (en-US) Profile name : default File : C:\Documents and Settings\Sue Bufkin\Application Data\Mozilla\Firefox\Profiles\y3xd4di1.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [1793 octets] - [30/09/2012 19:16:06] AdwCleaner[R2].txt - [1853 octets] - [30/09/2012 19:16:20] AdwCleaner[s1].txt - [1971 octets] - [30/09/2012 19:16:47] ########## EOF - C:\AdwCleaner[s1].txt - [2031 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ RogueKiller V8.1.0 [09/28/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Website: http://tigzy.geeksto...roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Sue Bufkin [Admin rights] Mode : Remove -- Date : 09/30/2012 21:17:20 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] ALCFDRTM.EXE -- C:\WINDOWS\ALCFDRTM.EXE -> KILLED [TermProc] ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A2D46F0) SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A1FDB80) SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x89CA16D0) SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8A3A52D0) SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A0F56F0) SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x8A072398) SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x8A037B88) SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89DB3820) SSDT[57] : NtDebugActiveProcess @ 0x80643A1C -> HOOKED (Unknown @ 0x8A3AA598) SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A37F978) SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A078DB8) SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A268980) SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A3216F8) SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A072CA8) SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8A0E7760) SSDT[114] : NtOpenEvent @ 0x8060EF4C -> HOOKED (Unknown @ 0x8A2566C8) SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A36B948) SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A3B0C08) SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8A1EE370) SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A2616D0) SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x8A3A7968) SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A214C70) SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A2E4ED0) SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A034EB0) SSDT[240] : NtSetSystemInformation @ 0x8060FC04 -> HOOKED (Unknown @ 0x8A368A00) SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A1ECC50) SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A6F32B8) SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A291DB8) SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A3D3120) SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A2DE350) SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A1CCF38) S_SSDT[307] : Unknown -> HOOKED (Unknown @ 0x8A2EB1F8) S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x8A266D88) S_SSDT[414] : Unknown -> HOOKED (Unknown @ 0x8A246970) S_SSDT[416] : Unknown -> HOOKED (Unknown @ 0x8A2A9998) S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x8A24F408) S_SSDT[460] : Unknown -> HOOKED (Unknown @ 0x894280A8) S_SSDT[475] : Unknown -> HOOKED (Unknown @ 0x8A03A248) S_SSDT[476] : Unknown -> HOOKED (Unknown @ 0x89D13788) S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x8A2D9C70) S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x8A2EE3D8) ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5001AALS-00L3B2 +++++ --- User --- [MBR] 58a67bea6c8bbe5c706b92561839ea7c [bSP] 99ea167fd119c3be5ff9003914e7ea92 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  8. Hello, I have an MDG laptop and am using the Vista OS. I ran Malwarebytes and discovered I had "Pum.hijack.StartMenu" malware. I removed it. However, when I ran the next Malwarebytes scan it reappeared. Avast did not pick up on this. I re-installed the system software and clicked reformat. Once the updates were installed I ran Malwarebytes again and this bug showed up again. Please help! Thanking you in advance! Karen DDS.txt Attach.txt
  9. Ran Malwarebytes yesterday in safe mode on my netbook - found and removed PUM.Hijack.StartMenu. Ran again in safe mode this morning with same result. Thanks in advance for your advice. Ed dds.txt . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Edward at 10:48:26 on 2012-07-06 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.598 [GMT -4:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\wdm\STacSV.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\HP\HPBTWD.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\syncables\syncables desktop\Syncables.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\syncables\syncables desktop\MigoMapi.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/intl/en uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [cdloader] "c:\documents and settings\edward\application data\mjusbsp\cdloader2.exe" MAGICJACK mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode mRun: [syncables] c:\program files\syncables\syncables desktop\Syncables.exe mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe StartupFolder: c:\docume~1\edward\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE StartupFolder: c:\docume~1\edward\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264184234343 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab TCP: DhcpNameServer = 192.168.10.1 TCP: Interfaces\{7A4E10C4-B481-4152-AFB4-4DC65DD78684} : DhcpNameServer = 192.168.10.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ============= SERVICES / DRIVERS =============== . R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2011-5-31 81920] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-14 113664] S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-6-14 160256] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?] . =============== Created Last 30 ================ . 2012-07-05 22:00:43 -------- d-----w- c:\documents and settings\edward\application data\Malwarebytes 2012-07-05 22:00:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-07-05 22:00:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-05 22:00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-19 16:40:11 -------- d-----w- c:\documents and settings\edward\local settings\application data\Deployment 2012-06-15 06:30:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-06-15 06:30:17 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2012-06-08 02:52:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-08 02:52:56 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ==================== Find3M ==================== . 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe . ============= FINISH: 10:49:14.81 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 9/21/2009 7:36:40 AM System Uptime: 7/6/2012 10:11:02 AM (0 hours ago) . Motherboard: Hewlett-Packard | | 308F Processor: Intel® Atom CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 138.365 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Atheros AR8132 PCI-E Fast Ethernet Controller Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1 Manufacturer: Atheros Name: Atheros AR8132 PCI-E Fast Ethernet Controller PNP Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1 Service: L1c . ==== System Restore Points =================== . RP124: 4/16/2012 6:33:55 PM - System Checkpoint RP125: 4/17/2012 7:29:38 PM - System Checkpoint RP126: 4/18/2012 8:25:17 PM - System Checkpoint RP127: 4/21/2012 12:32:35 PM - Software Distribution Service 3.0 RP128: 6/6/2012 2:54:30 AM - Software Distribution Service 3.0 RP129: 6/8/2012 1:19:12 AM - Software Distribution Service 3.0 RP130: 6/10/2012 1:24:11 AM - System Checkpoint RP131: 6/15/2012 12:52:16 AM - System Checkpoint RP132: 6/18/2012 11:49:32 AM - System Checkpoint RP133: 6/19/2012 8:11:08 PM - System Checkpoint RP134: 6/22/2012 10:58:56 AM - System Checkpoint RP135: 6/24/2012 7:56:38 PM - System Checkpoint RP136: 7/4/2012 9:39:35 PM - System Checkpoint . ==== Installed Programs ====================== . 3ivx MPEG-4 5.0.3 (remove only) Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.0.1 Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Broadcom 802.11 Wireless LAN Adapter Default Manager FlipShare Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB949764) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP BatteryCheck 2.10 A2 HP Doc Viewer HP Help and Support HP Mobile Broadband Setup Utility HP User Guides 0139 HP Wireless Assistant HpSdpAppCoreApp IDT Audio Intel® Graphics Media Accelerator Driver Java 6 Update 11 magicJack Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Live Search Toolbar Microsoft National Language Support Downlevel APIs Microsoft Office 97, Professional Edition Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable MSXML 6.0 Parser Picasa 3 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Skype Toolbars Skype™ 5.3 SMART BRO Spybot - Search & Destroy SUPERAntiSpyware Synaptics Pointing Device Driver syncables desktop Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB978506) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) USB2.0 Card Reader Software Viewpoint Media Player WebFldrs XP Windows Backup Utility Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Yahoo! Messenger . ==== Event Viewer Messages From Past Week ======== . 7/5/2012 6:11:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 7/5/2012 6:06:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL 7/5/2012 6:05:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} . ==== End Of File ===========================
  10. My Internet Explorer kept closing down and when I rebooted I got numerous errors about my hard drive and purchasing some software to fix it. I was sure it was a virus of sometype. I rebotted into Safe Mode with Networking and when it booted up, my desktop was plank and start menu was pretty much gone. It also said that I had no restore points. I downloaded the latest Malwarebytes update and ran it. It found 2 virus files both entitled PUM.HIJACK.STARTMENU. I told it to remove them and Malwarebuyes said it succesfully did. I rebooted and I still had the same problems. I reran Malwarebytes and the same two files came up as still being on my computer. I told Malwarebytes to remove them (again) and it said that it did so successfully (again). I rebooted and it still all looks the same (bad). I haven't re-run Malwarebytes again yet (it take 90 minutes or more) but suspect that the files are still there. Any suggestions?
  11. Hi, I was wondering if anyone can tell me how harmful these detected threats are. (malware bytes log below) I have now cleaned/deleted the detected threats on this PC, and am in the process of doing a full clean up on this Windows XP SP3 machine and re install of antivirus (trend) This PC is used in a small organisation and does have sensitive information on it frequently. It is on a windows 2008 domain. No other PCs (knowingly seemed affected) Ive been asked by my Directors if any of these threats could be a key logger or anything more serious? Our company's anti virus is "Trend Micro Worry-Free Business Security Advanced" and was disabled (i didn't notice this for a week or so!) I ran malware bytes trial this morning as the PC was coming up with some weird errors, and after looking closer at the start up entries i noticed 2 weird values, which instantly sounded alarm bells 1. C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe 2. C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe Can anyone offer any advice on what these threats are or may have done. I have looked up Trojan.agent, and it seems to be a malware threat that causes errors on your PC, then pushes you to buy rouge 'fix software'. I cant fine much explanation on what the other 2 will do... Many thanks in Advance ps, we are considering buying corporate Malwarebytes to scan and keep tabs on our entire network. (we would be after 25 licenses probably), is this just the pro version we install 25 times? or is there a web console interface to manage the whole lot from a single point? (like more business anti virus management consoles?) Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.04.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 <maskedusername> :: <maskedcomputername> [administrator] Protection: Enabled 04/07/2012 10:48:05 mbam-log-2012-07-04 (10-48-05).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 242588 Time elapsed: 4 minute(s), 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{5C039C6D-265D-0CCE-F087-FDA623520695} (Trojan.Agent.TBM) -> Data: "C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe" -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{806D7BCF-83A9-8650-A913-6178B27FB63A} (Trojan.Agent) -> Data: "C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe" -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Hilgraeve Inc (Packer.ModifiedUPX) -> Data: C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe (Trojan.Agent.TBM) -> Quarantined and deleted successfully. C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe (Packer.ModifiedUPX) -> Delete on reboot. (end)
  12. Fake "S.M.A.R.T Repair Trial Version Installed" and now at startup, Data Recovery screen along with many tiled System Messages - "Write Fault Error" shows up. Startup Menu and Desktop show nothing, therefore cannot access any folders or applications. Running MBAM (from Task Tray) repeatedly show PUM.Hijack.StartMenu and PUM.Hidden.Desktop, Trojan.QHost.Gen, Trojan.QHost.BG, Trojan.Agent.LTGen, Rootkit TDSS. More recently, Trojan.FakeAlert and Exploit.Drop.4 has been detected. They continue to appear after removal and quarantine. Nunerous attempts to Safe Start (F8) show Security Log Full and entering administrator's password will not work because it does not allow selection of my login domain anymore. Managed to access internet and reach you through MBAM's "About" tab with link to MBAM website. Below are my logs from 5/17 and 5/18. I will be running another scan after this message. Please advise if you need MBAM scan or protection log files. As indicated, the only way I am accessing internet is through the MBAM site. Thank you in advance, moonshadow56 **************************************** Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.17.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 sshiigi :: DFB69GJ1 [administrator] Protection: Enabled 5/17/2012 10:28:57 AM mbam-log-2012-05-17 (10-28-57).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 461063 Time elapsed: 2 hour(s), 33 minute(s), 46 second(s) Memory Processes Detected: 1 C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe (Trojan.QHost.Gen) -> 4084 -> Delete on reboot. Memory Modules Detected: 1 C:\Documents and Settings\sshiigi\Application Data\dplayx.dll (Trojan.QHost.BG) -> Delete on reboot. Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.Gen) -> Data: C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.Gen) -> Data: C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 7 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe (Trojan.QHost.Gen) -> Delete on reboot. C:\Documents and Settings\sshiigi\Application Data\dplayx.dll (Trojan.QHost.BG) -> Delete on reboot. (end) ******************************* Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.17.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 sshiigi :: DFB69GJ1 [administrator] Protection: Enabled 5/18/2012 5:54:47 AM mbam-log-2012-05-18 (05-54-47).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 461653 Time elapsed: 1 hour(s), 54 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nscob (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\sshiigi\LOCALS~1\Temp\nscob.dll",MessageBoxChecked -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|npntv (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\sshiigi\LOCALS~1\Temp\npntv.dll",ComputeIMTFromPerTexelSignal -> Quarantined and deleted successfully. Registry Data Items Detected: 7 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP477\A0158918.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. (end)
  13. Hello, I've been trying to get rid of 2 nasty bugs that Malwarebytes keeps detecting and deleting called "PUM.Hijack.StartMenu". So far the bugs keep reappearing no matter how many time the malwarebytes is run. I've also tried running the scan with Windows Vista in Safe mode but it seems to have no effect. Any help that can be offered would be greatly appreciated. Attach.txt DDS.txt
  14. Hello, I'm seeking expert assistance with removal of the following malware on a Windows 7 machine. Trojan.FakeAlert Trojan.FakeMS PUM.Hijack.StartMenu (two registry entries) I initially observed a rapid series of cascading dialogs stating "Unable to Load Attrib.exe" ." I immediately cut power to the machine. On normal reboot I see a similar series of cascading dialogs stating "Disk Errors Found," then the machine restarts on its own. In safe mode most of my program icons were not visible and many folders were empty. I managed to run a full scan with mbam which found the 4 items as listed above. I quarantined them and did a normal reboot but the cascading error dialogs were still present and another scan with mbam in safe mode reveals the same threats. So they're still hiding out somewhere in this PC. After reading the FAQs and Tips section of the forum on another machine, I was able to unhide everything in safe mode, giving me to access the forum via Firefox. I am reluctant to do another normal reboot until I have taken additional action, per one of your expert's recommendations. The DDS output files below were obtained after running mbam and removing the threats. Please let me know if a normal reboot and rerun of DDS is needed. Thank you in advance for your time. Here's the dds.txt file: DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19 Run by Tom at 18:30:42 on 2012-01-22 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8183.7121 [GMT -5:00] . . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\notepad.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111227141022.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe uRun: [tSUpODctlIrm.exe] C:\ProgramData\tSUpODctlIrm.exe mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRunOnce: [GrpConv] grpconv -o StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\CORELF~1.LNK - C:\Program Files (x86)\Corel\Print House Magic\cffrem.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{E359A986-72D7-4EFE-8E38-051C9AA41F29} : DhcpNameServer = 10.0.0.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111227141022.dll BHO-X64: scriptproxy - No File BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r mRun-x64: [CTxfiHlp] CTXFIHLP.EXE mRun-x64: [updReg] C:\Windows\UpdReg.EXE mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRunOnce-x64: [GrpConv] grpconv -o . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - component: C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.93\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: XULRunner: {3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7} - C:\Users\Tom\AppData\Local\{3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: XUL Cache: {86c56d72-0491-4ff9-a2a0-aa4a68b83970} - %profile%\extensions\{86c56d72-0491-4ff9-a2a0-aa4a68b83970} FF - Ext: XUL Cache: {0244c830-c8f9-491b-8d2a-f63a68b17c6a} - %profile%\extensions\{0244c830-c8f9-491b-8d2a-f63a68b17c6a} . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-23 135664] S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-27 249936] S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-27 249936] S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199272] S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 208536] S2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 161168] S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?] S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-30 656624] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?] S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-1-29 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-1-29 79360] S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-23 135664] S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 PaeFireStudio;PreSonus FireStudio;C:\Windows\system32\Drivers\PaeFireStudio.sys --> C:\Windows\system32\Drivers\PaeFireStudio.sys [?] S3 PaeFireStudioAudio;PreSonus FireStudio Audio;C:\Windows\system32\drivers\PaeFireStudioAudio.sys --> C:\Windows\system32\drivers\PaeFireStudioAudio.sys [?] S3 PaeFireStudioMidi;PreSonus FireStudio MIDI;C:\Windows\system32\drivers\PaeFireStudioMidi.sys --> C:\Windows\system32\drivers\PaeFireStudioMidi.sys [?] S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\system32\DRIVERS\MarvinAVS64.sys --> C:\Windows\system32\DRIVERS\MarvinAVS64.sys [?] S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-01-22 02:33:45 -------- d-sh--w- C:\found.000 2012-01-22 00:32:29 453512 ----a-w- C:\ProgramData\tSUpODctlIrm.exe 2012-01-11 11:32:48 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-01-11 11:32:47 1572864 ----a-w- C:\Windows\System32\quartz.dll 2012-01-11 11:32:46 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-01-11 11:32:45 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-01-11 11:32:41 1739160 ----a-w- C:\Windows\System32\ntdll.dll 2012-01-11 11:32:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-11 11:32:36 77312 ----a-w- C:\Windows\System32\packager.dll 2012-01-11 11:32:34 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2012-01-01 17:25:10 -------- d-----w- C:\ProgramData\McAfee Security Scan 2012-01-01 17:25:09 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-01 17:25:09 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan . ==================== Find3M ==================== . 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys 2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll 2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec 2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll . ============= FINISH: 18:30:53.32 =============== and attach.txt: DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 2/5/2010 9:25:26 PM System Uptime: 1/22/2012 4:41:41 PM (2 hours ago) . Motherboard: DELL Inc. | | 0X501H Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | CPU 1 | 2660/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 689 GiB total, 596.583 GiB free. D: is CDROM () E: is CDROM () H: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: {36fc9e60-c465-11cf-8056-444553540000} Description: eHome Infrared Receiver (USBCIR) Device ID: USB\VID_04EB&PID_E033\SN:CIR-00080612011700000000 Manufacturer: Microsoft Name: eHome Infrared Receiver (USBCIR) PNP Device ID: USB\VID_04EB&PID_E033\SN:CIR-00080612011700000000 Service: usbcir . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: McAfee Inc. mfehidk Device ID: ROOT\LEGACY_MFEHIDK\0000 Manufacturer: Name: McAfee Inc. mfehidk PNP Device ID: ROOT\LEGACY_MFEHIDK\0000 Service: mfehidk . Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318} Description: Consumer IR Devices Device ID: ROOT\SYSTEM\0001 Manufacturer: Microsoft Name: Consumer IR Devices PNP Device ID: ROOT\SYSTEM\0001 Service: circlass . ==== System Restore Points =================== . RP125: 12/11/2011 1:20:23 PM - Scheduled Checkpoint RP126: 12/14/2011 10:57:51 PM - Windows Update RP127: 12/23/2011 10:47:35 AM - Scheduled Checkpoint RP128: 12/31/2011 10:42:37 AM - Scheduled Checkpoint RP129: 1/8/2012 9:58:58 AM - Scheduled Checkpoint RP130: 1/10/2012 9:46:42 PM - Windows Update RP131: 1/11/2012 7:57:22 AM - Windows Update RP132: 1/18/2012 8:27:29 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.7 Amazon MP3 Downloader 1.0.10 Apple Application Support Apple Software Update ASIO4ALL ATI Catalyst Control Center Bing Bar Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack for the 2007 Office system Corel Applications CorelDRAW 10 Creative Audio Control Panel Creative Software AutoUpdate Creative Sound Blaster Properties x64 Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Getting Started Guide Dell Support Center (Support Software) DirectXInstallService Dolby Digital Live Pack EMC 10 Content Emicsoft FLV Converter FLV to WMV Convert 2.7 Google Chrome Google Toolbar for Internet Explorer Google Update Helper GoToAssist 8.0.0.514 i-Fun Viewer Internet TV for Windows Media Center Java Auto Updater Java™ 6 Update 19 Junk Mail filter update Knoll Light Factory EZ Studio Magic Bullet Looks Studio Malwarebytes Anti-Malware version 1.60.0.1800 McAfee Security Scan Plus McAfee SecurityCenter Microsoft Choice Guard Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mozilla Firefox (3.6) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Octoshape add-in for Adobe Flash Player Pinnacle Studio 14 Pinnacle Studio Ultimate Collection Plugins PowerDVD DX QualXServ Service Agreement QuickTime RealPlayer RealUpgrade 1.0 Red Giant ToonIt Studio Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio Update Manager Security Update for CAPICOM (KB931906) Skins Sonic CinePlayer Decoder Pack Sound Blaster X-Fi SureThing Express Labeler Trapcode 3DStroke Studio Trapcode Particular Studio Trapcode Shine Studio Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Media Center Add-in for Flash WinX DVD Player 3.1.1 WinX DVD Ripper Platinum 6.3.5 WinX Free DVD Ripper 4.5.14 . ==== Event Viewer Messages From Past Week ======== . 1/22/2012 9:41:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 1/22/2012 9:41:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 1/22/2012 6:41:35 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 6:41:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RxFilter spldr Wanarpv6 1/22/2012 5:11:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR10. 1/22/2012 5:11:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR9. 1/22/2012 5:10:55 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8. 1/22/2012 5:10:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR7. 1/22/2012 5:10:27 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6. 1/22/2012 5:10:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5. 1/22/2012 5:09:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3. 1/22/2012 5:08:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2. 1/22/2012 5:08:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 4:45:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 1/22/2012 4:42:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 1/22/2012 4:42:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 1/22/2012 4:41:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk mfewfpk NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr Tcpip tdx Wanarpv6 WfpLwf 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 1/22/2012 4:41:54 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start. 1/22/2012 11:13:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 1/21/2012 9:55:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter 1/21/2012 9:55:49 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified. 1/21/2012 9:55:02 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. 1/21/2012 9:52:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.