Showing results for tags 'Yontoo'.

Found 20 results

  1. Hello, I am having an issue with my computer. Yontoo, identified as adware, continues to infect my pc. I use malwarebytes to scan and quarantine my pc multiple times a day to keep it running smoothly. I was wondering if there was a way to stop it from coming back. I have linked Farbar FRST and Addition in this message. Thank you for your time, FRST.txt Addition.txt
  2. Hello, I have looked at various posts on how to remove yontoo with Malwarebytes and it has come to this. I have followed the steps posted here: https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ I went ahead and turned off sync for all 3 accounts tied to my Chrome, removed all search engines except Google, and RESET Chrome. I was able to remove 3 of the 4 infections tied to it but the one infection cannot be quarantined at all...... Any help would be GREATLY appreciated. I have also tried HitmanPro as I saw in older posts as well. Thanks!
  3. Hi there, this is my first time posting on the forums. For the past couple of days, I've been having problems trying to get rid of this malware called "Adware.Yontoo" and a PUP called "PUP.Optional.Speedial". I have Premium, which is quarantining it, but every time I rescan after a restart, it's still getting picked up. I've tried safe mode and using HitmanPro, which isn't showing any results for yontoo or speedial. So I was wondering if there are any other options out there to fix this problem I'm having?
  4. Hello. I've tried uninstalling Chrome, resetting the data and running the Malwarebytes free version scan - then I delete the quarantined results and restart the PC. After rescanning it once the computer has signed in, I keep getting the same adware.yontoo appearing in the scanned results. See below; How can I make sure I remove this once and for all so it doesn't appear again? I've tried the Malwarebytes Adware cleaner - that has removed other stuff but this Adware.Yontoo is driving me insane. Please can anyone recommend what I should do? Thank you. j4v3d
  5. Since 2/20/17, scans have been detecting signs of PUP.Optional.Yontoo.ChrPRST which I believe to be a false positive. The scan I performed 24 hours prior did not show this detection and nothing of consequence was installed during that period that I can recall. When I quarantine the affected items, my Windows profile is significantly affected; therefore, I restored all quarantined items for the time being. I would appreciate it if someone can confirm this suspected false positive and make the appropriate adjustments to the signature files. Thanks. MBAM Yontoo FP.zip
  6. Tired of seeing PuP this in Malwarebytes scans. Here are the FRST files to start the ball rolling... FRST.txt Addition.txt
  7. Greetings, experts. I'm dealing with a real pain right now. System frequently blue screens with igdpmg64 error, Blue Coat K9 seizes everything up when I try to fix other issues, no known admin password for it and cannot uninstall without it. FRST Log and Addition Logs will not paste here no matter how hard I try....help! Thanks in advance. FRST.txt Addition.txt
  8. Have used a combination of Malware Bytes, Hitman Pro, Eset Online Scanner and Norton Online Scanner to remove/delete close to 200 infected files and/or registry keys (some of which are listed in the Topic Tags). Ran these a few months ago and thought I had things cleaned. Today I ran ADWCleaner and came up with about 50 infections - which I haven't cleaned. After ADW, I ran Malware Bytes and Farber Recovery Scan as suggested in the "I'm infected what do I do now" post. Malware Bytes quarantined a Yontoo PUP for me. I am copying the Farber logs for expert review. Also included the ADWCleaner log - which I have not cleaned - after the Farber logs. Based on my review of forum topics related to these types of malware, i did not run the recommended programs in a necessarily proper order. Am hoping someone might be able to use the Farber logs and the ADW screen shot to provide some assistance. I have the old Malware Bytes, Hitman and Eset logs I could provide if that would help. Any assistance greatly appreciated ! Sam Haber
(x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)R3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [641352 2014-02-21] (Apple Inc.)R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 Office Depot PC Support Agent; C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe [1005144 2014-01-22] (Support.com, Inc.)R2 STacSV; 
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-26] (IDT, Inc.)R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) ==================== Drivers (Whitelisted) ==================== R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-05-18] (Malwarebytes Corporation)R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)S2 MCSTRM; No ImagePathR3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc.)S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-11-04] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [93872 2009-08-05] (Sunbelt Software)S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 usbbus; 
C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()S0 TfFsMon; system32\drivers\TfFsMon.sys [X]S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]S0 TfSysMon; system32\drivers\TfSysMon.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-18 16:50 - 2014-05-18 16:51 - 00035479 _____ () C:\Users\shaber\Downloads\FRST.txt2014-05-18 16:49 - 2014-05-18 16:50 - 00000000 ____D () C:\FRST2014-05-18 16:47 - 2014-05-18 16:48 - 02067456 _____ (Farbar) C:\Users\shaber\Downloads\FRST64.exe2014-05-18 16:43 - 2014-05-18 16:43 - 00001249 _____ () C:\Users\shaber\Documents\mbam 5-18-14.txt2014-05-18 10:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-05-18 10:35 - 2014-05-18 10:38 - 00000000 ____D () C:\AdwCleaner2014-05-18 10:33 - 2014-05-18 10:33 - 00929416 _____ (CNET Download.com) C:\Users\shaber\Downloads\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe2014-05-17 15:42 - 2014-05-17 15:42 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\SUPERAntiSpyware.com2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-05-17 15:39 - 2014-05-17 15:40 - 19166520 _____ (SUPERAntiSpyware) C:\Users\shaber\Downloads\SUPERAntiSpyware.exe2014-05-15 22:21 - 2014-05-15 22:21 - 00000000 ____D () 
C:\Users\shaber\AppData\Roaming\DropboxMaster2014-05-15 22:21 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-05-15 22:20 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-05-15 22:20 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2014-05-15 22:20 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2014-05-15 22:20 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2014-05-15 22:20 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2014-05-15 22:20 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2014-05-15 22:20 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-05-15 22:20 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-05-15 22:20 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-05-15 22:20 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-05-15 22:20 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll2014-05-15 22:20 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2014-05-15 22:20 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-05-15 22:20 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-05-15 22:20 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-05-15 22:20 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-05-15 22:20 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) 
C:\Windows\system32\wincredprovider.dll2014-05-15 22:20 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-05-15 22:20 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll2014-05-15 22:20 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll2014-05-15 22:20 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll2014-05-15 22:20 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll2014-05-15 22:20 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll2014-05-15 22:20 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-05-15 22:20 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-05-15 22:20 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-05-15 22:20 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\capiprovider.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll2014-05-15 22:20 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-05-15 22:20 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2014-05-15 03:12 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-15 03:12 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-15 03:12 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-15 03:12 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-15 03:12 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-15 03:12 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-05-14 19:56 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-05-14 19:56 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-05-14 19:56 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-05-14 19:56 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-05-09 21:58 - 2014-05-18 16:38 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001UA1cf6bf34c202d8e.job2014-05-09 21:58 - 2014-05-17 22:03 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001Core1cf6bf34bae5744.job2014-05-09 
21:58 - 2014-05-09 21:58 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001UA1cf6bf34c202d8e2014-05-09 21:58 - 2014-05-09 21:58 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001Core1cf6bf34bae57442014-05-06 03:01 - 2014-05-15 03:30 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-04-27 17:37 - 2014-04-27 17:37 - 00000000 __SHD () C:\Users\shaber\AppData\Local\EmieUserList2014-04-27 17:37 - 2014-04-27 17:37 - 00000000 __SHD () C:\Users\shaber\AppData\Local\EmieSiteList2014-04-27 08:31 - 2014-04-27 08:31 - 00000219 _____ () C:\Users\shaber\Desktop\Team Fortress 2.url2014-04-22 21:13 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys2014-04-20 22:59 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-04-20 22:59 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-04-20 22:59 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-04-20 22:59 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-04-20 22:59 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-04-20 22:59 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-04-20 22:59 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-04-20 22:59 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-04-20 22:59 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-04-20 22:59 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-04-20 22:59 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9diag.dll2014-04-20 22:59 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-04-20 22:59 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-04-20 22:59 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-04-20 22:59 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-04-20 22:59 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-04-20 22:59 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-04-20 22:59 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-04-20 22:59 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-04-20 22:59 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-04-20 22:59 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-04-20 22:59 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-04-20 22:59 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-04-20 22:59 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-04-20 22:59 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-04-20 22:59 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-04-20 22:59 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-04-20 22:59 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-04-20 22:59 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-04-20 22:59 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-04-20 22:59 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-04-20 22:59 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-04-20 22:59 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-04-20 22:59 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-04-20 22:59 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-04-20 22:59 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-04-20 22:59 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-04-20 22:59 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-04-20 22:59 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-04-20 22:59 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-04-20 22:58 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-04-20 22:58 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-04-20 22:58 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-04-20 22:58 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-04-20 18:31 - 2014-04-20 18:01 - 00007142 _____ () C:\Users\shaber\ipconfig.all.txt ==================== One Month Modified Files and Folders ======= 2014-05-18 16:51 - 2014-05-18 16:50 - 00035479 _____ () C:\Users\shaber\Downloads\FRST.txt2014-05-18 16:51 - 2014-03-02 19:46 - 00003440 _____ () 
C:\Windows\System32\Tasks\PCDEventLauncherTask2014-05-18 16:50 - 2014-05-18 16:49 - 00000000 ____D () C:\FRST2014-05-18 16:48 - 2014-05-18 16:47 - 02067456 _____ (Farbar) C:\Users\shaber\Downloads\FRST64.exe2014-05-18 16:47 - 2013-05-13 18:09 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk2014-05-18 16:47 - 2013-05-13 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2014-05-18 16:43 - 2014-05-18 16:43 - 00001249 _____ () C:\Users\shaber\Documents\mbam 5-18-14.txt2014-05-18 16:38 - 2014-05-09 21:58 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001UA1cf6bf34c202d8e.job2014-05-18 16:38 - 2009-07-14 01:10 - 01530584 _____ () C:\Windows\WindowsUpdate.log2014-05-18 12:54 - 2014-04-05 18:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-05-18 12:10 - 2012-09-20 20:01 - 00089088 ___SH () C:\Users\shaber\Documents\Thumbs.db2014-05-18 10:38 - 2014-05-18 10:35 - 00000000 ____D () C:\AdwCleaner2014-05-18 10:33 - 2014-05-18 10:33 - 00929416 _____ (CNET Download.com) C:\Users\shaber\Downloads\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe2014-05-18 00:48 - 2010-03-24 22:30 - 00149899 _____ () C:\ProgramData\dlea.log2014-05-18 00:47 - 2014-03-02 22:05 - 00000000 ____D () C:\ProgramData\Norton2014-05-18 00:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2014-05-18 00:18 - 2010-11-16 22:33 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C423BC85-4ABA-45D3-93BE-2C22D1DA1204}2014-05-17 22:03 - 2014-05-09 21:58 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001Core1cf6bf34bae5744.job2014-05-17 22:00 - 2014-03-22 16:49 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\QuickScan2014-05-17 15:42 - 2014-05-17 15:42 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 
____D () C:\Users\shaber\AppData\Roaming\SUPERAntiSpyware.com2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-05-17 15:40 - 2014-05-17 15:39 - 19166520 _____ (SUPERAntiSpyware) C:\Users\shaber\Downloads\SUPERAntiSpyware.exe2014-05-16 23:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-05-16 22:58 - 2012-12-12 20:08 - 00000000 ____D () C:\Program Files\Common Files\McAfee2014-05-16 22:49 - 2013-06-20 21:47 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\Dropbox2014-05-15 22:53 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-05-15 22:53 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-05-15 22:48 - 2013-06-20 21:51 - 00000000 ___RD () C:\Users\shaber\Dropbox2014-05-15 22:48 - 2013-05-13 18:08 - 00000000 __RSD () C:\Users\shaber\Documents\McAfee Vaults2014-05-15 22:46 - 2010-03-24 21:22 - 00158283 _____ () C:\ProgramData\dleascan.log2014-05-15 22:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-05-15 22:43 - 2013-04-09 21:45 - 00017887 _____ () C:\Windows\setupact.log2014-05-15 22:21 - 2014-05-15 22:21 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\DropboxMaster2014-05-15 22:21 - 2013-06-20 21:51 - 00001022 _____ () C:\Users\shaber\Desktop\Dropbox.lnk2014-05-15 22:21 - 2013-06-20 21:48 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-05-15 22:21 - 2010-02-16 23:35 - 00000000 ___RD () C:\Users\shaber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-15 21:48 - 2011-06-15 16:01 - 00002441 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2014-05-15 19:44 - 2010-02-16 23:39 - 00000000 ___RD () C:\Users\shaber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-15 03:31 - 2010-02-09 16:03 - 01159958 _____ () C:\Windows\PFRO.log2014-05-15 03:30 - 2014-05-06 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-05-15 03:12 - 2010-02-09 14:22 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-05-15 03:11 - 2013-07-19 03:01 - 00000000 ____D () C:\Windows\system32\MRT2014-05-15 03:07 - 2010-03-06 07:41 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-05-14 19:42 - 2012-03-22 18:13 - 00000000 ____D () C:\ProgramData\Sonos,_Inc2014-05-13 20:21 - 2013-12-23 11:01 - 00000000 ____D () C:\Program Files (x86)\Steam2014-05-11 16:37 - 2014-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\Office Depot PC Support Agent2014-05-09 21:58 - 2014-05-09 21:58 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001UA1cf6bf34c202d8e2014-05-09 21:58 - 2014-05-09 21:58 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001Core1cf6bf34bae57442014-05-09 02:14 - 2014-05-14 19:56 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-05-09 02:11 - 2014-05-14 19:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-05-06 00:40 - 2014-05-15 03:12 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-06 00:17 - 2014-05-15 03:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-05 23:25 - 2014-05-15 03:12 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-05 23:07 - 2014-05-15 03:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-05 23:00 - 2014-05-15 03:12 - 00084992 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmled.dll2014-05-05 22:10 - 2014-05-15 03:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-04-27 17:37 - 2014-04-27 17:37 - 00000000 __SHD () C:\Users\shaber\AppData\Local\EmieUserList2014-04-27 17:37 - 2014-04-27 17:37 - 00000000 __SHD () C:\Users\shaber\AppData\Local\EmieSiteList2014-04-27 08:31 - 2014-04-27 08:31 - 00000219 _____ () C:\Users\shaber\Desktop\Team Fortress 2.url2014-04-27 08:31 - 2013-12-23 11:21 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2014-04-24 17:31 - 2012-10-08 08:03 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\.minecraft2014-04-22 12:19 - 2013-02-24 20:45 - 00000000 ____D () C:\Users\shaber\Documents\Jake2014-04-21 12:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-04-20 22:47 - 2013-10-08 20:04 - 00000000 ____D () C:\Program Files\HitmanPro2014-04-20 18:31 - 2010-02-16 23:35 - 00000000 ____D () C:\Users\shaber2014-04-20 18:01 - 2014-04-20 18:31 - 00007142 _____ () C:\Users\shaber\ipconfig.all.txt2014-04-20 14:42 - 2010-05-05 03:34 - 00000000 ____D () C:\Users\shaber\Documents\Jackie2014-04-19 09:26 - 2013-12-31 21:27 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-04-19 09:08 - 2009-07-14 01:13 - 00831090 _____ () C:\Windows\system32\PerfStringBackup.INI Some content of TEMP:====================C:\Users\shaber\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppxkmhz.dllC:\Users\shaber\AppData\Local\Temp\Quarantine.exeC:\Users\shaber\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS_10225.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe[2014-05-15 22:20] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is 
legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-15 04:01 ==================== End Of Log ============================ AdwCleanerR0.txt Addition.txt
  9. Malwarebytes keeps finding these files. I quarantine but scans after reboot show the same Yontoo files. I ran the Farbar scan and have attached the scan reports. Thanks. Addition.txt FRST.txt
  10. Hi! I stumbled upon your site while trying to find help online, hope you can help me. So, my laptop has been running really weirdly for some time now, and I have only mediocre (next to nothing) skills in these matters myself. It has never been this bad before. There is this message that keeps on popping up again and again. I tried blocking it (the application) but it does not respond to that in any way. The message Windows gives me is that an application called Yontoo is trying to do something, and it gives me two options: to allow it to do whatever it is it wants to do, or deny. I keep on clicking deny access, but the message just keeps on popping up. What can I do to help you help me? Thank you very much!
  11. Seems Yontoo has been downloaded onto my computer. After looking into it a bit online I found out that it is malware (and has been causing those annoying drop-down deals that appeared a few days ago). Anyone know a program that can kill it off?
  12. Hi, I have been doing a clean up of my laptop, but I have come across one program called Yontoo 2.053. After a quick google, I established it was malware, but when I tried to uninstall it via the control panel, it just came up with an error "Setup initialization error". Any help would be greatly appreciated! Many thanks
  13. I continuosly have popups at the bottom and right of my screen on almost every site and it is always topic torch, aka, yontoo. serches have shown this to be a virus that others have dealt with on this forum. Will someone help me with this please?
  14. Hey, I have had the Yontoo virus for quite some time now. I believe it was downloaded through Google Chrome. Malwarebytes always picks up the infected files but cannot seem to remove them. I have also run RogueKiller to no avail. When prompted to restart the computer I do, and when it reboots I re-run MBAM, but it continues to pick up the same infected files without eradicating them. I have browsed the forums and tried a few of the suggested solutions, but it seems that each solution is specific to the file logs posted by the user. Any help would be truly appreciated as I have been trying to rid my PC of this for nearly a month. Thanks! (P.S. I don't know much about computers other than the everyday applications) -Krysten
  15. Hello, every time I load Windows I get an application error about yontoodesktop. I don't know what this is. Can someone please help me get rid of it?
  16. Can't seem to remove Yontoo, any suggestions? L
  17. Hi, I found this thread and it describes everything that I am going through with my computer right now. http://forums.malwarebytes.org/index.php?showtopic=113649 I found Yontoo and I cannot remove it. Can you provide some help? "Upon recent browsing of various internets, I recently discovered that random words in various online documents were being underlined and highlighted, which then produced an obvious virus ad whenever the mouse hovered over the words. After some light research I discovered the supposed virus was called EasyInline, which was published by Yontoo LLC, and to my shock a program of the same name had appeared on my C drive. I have no idea what that program is or what it does, but I strongly believe it may be a virus of some sort. What is it and how do I get rid of it? Please help!"
  18. Hi, I have asked around on Blender forums, installed old versions, uninstalled them, multiple times, updated drivers, done disk checks... and still Blender is effectively useless. It takes about 10 times as long as before to start, and ANY commands put it into a "not responding" state for the next 5 minutes EVERY time. While it is by far the most affected program (and the one I need the most for work), many programs are behaving strangely, blinking to the desktop when windows are clicked, and especially dropdown menus immediately closing when I try to change the file types for saving. I have Bit Defender 2013 and Driver updater, but now I see I have Yontoo (and uTorrent), which caused me to find this forum. My drivers should be completely up to the minute as all I checked were, and Bit Defender says everything is fine, when clearly something is very not fine. I tried to restore my computer but the oldest restore point is just a week old, so now I honestly can't think of anything else to do, shy of MANUALLY uninstalling everything back about 2 weeks, which I'm not sure how to do and in the last two weeks would be a LOT of work. I HAVE TO SOLVE this issue or my computer effectively becomes a 3 month old $2000 paperweight wrt my most important software by far (Blender), but the problem seems to be growing to other programs as indicated by general system blinkiness. Please help me find a solution. Thanks, Tim
  19. Greetings experts! I've got a system now that was brought to me to cure an incessant rebooting/blue screen issue. Based on the owner's description of known activities prior to the time that this issue started, I suspected trojans and confirmed that preliminary diagnosis via MBAM. I see that the malware is preventing installation of SP3 (Error FFFFFFE), and MSE has discovered Trojan:Dos/Alureon.A (not found by MBAM). So, with no further ado, here we go! DDS Log . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Jean at 14:26:36 on 2012-09-24 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.1959 [GMT -6:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files (x86)\NewTech Infosystems\Gateway 
MyBackup\IScheduleSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\PLFSetI.exe C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Common Files\Intuit\Update 
Service v4\IntuitUpdateService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6b6l0300z165a4861x268 mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6b6l0300z165a4861x268 mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6b6l0300z165a4861x268 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - C:\Users\Jean\AppData\Roaming\Qwiklinx\Qwiklinx.dll BHO: SpecialSavings: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: 
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [eBook Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe mRun: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [speetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" StartupFolder: C:\Users\Jean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe StartupFolder: 
C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: intuit.com\ttlc Trusted Zone: soe.com Trusted Zone: sony.com DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 8.8.8.8 208.67.222.222 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C} : DhcpNameServer = 8.8.8.8 
208.67.222.222 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C}\157756374775966496 : DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C}\353627160737 : DhcpNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C}\361627D696E656 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C}\46C696E6B6 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C}\E4544574541425 : DhcpNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Jean\AppData\Roaming\Qwiklinx\Qwiklinx.dll BHO-X64: Qwiklinx - No File BHO-X64: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll BHO-X64: SpecialSavings - No File BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [Adobe Reader Speed 
Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun-x64: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [eBook Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun-x64: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe mRun-x64: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [speetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\bqy638yc.default\ FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Jean\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
R2 EMP_UDSA;EMP_UDSA;C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2011-6-2 104424] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-3 844320] R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496] R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 676936] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-15 240160] R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-27 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-21 250288] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-27 136176] S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-24 114144] S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-3 225280] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2012-09-24 20:15:16 -------- d-----w- C:\Users\Jean\AppData\Local\Mozilla 2012-09-24 17:13:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62B69180-6710-4CB7-B56E-B9CA8A91D06E}\offreg.dll 2012-09-24 17:10:40 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62B69180-6710-4CB7-B56E-B9CA8A91D06E}\mpengine.dll 2012-09-24 01:31:51 20480 ----a-w- C:\Windows\svchost.exe 2012-09-24 00:43:53 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2012-09-23 22:01:43 -------- d-----w- C:\Users\Jean\AppData\Roaming\Malwarebytes 2012-09-23 22:01:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-23 21:57:31 503808 ----a-w- C:\Windows\System32\srcore.dll 2012-09-23 21:57:31 43008 ----a-w- C:\Windows\SysWow64\srclient.dll 2012-09-23 21:57:17 751104 ----a-w- C:\Windows\System32\win32spl.dll 2012-09-23 21:57:17 67584 ----a-w- C:\Windows\splwow64.exe 2012-09-23 21:57:17 559104 ----a-w- C:\Windows\System32\spoolsv.exe 2012-09-23 21:57:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2012-09-23 21:57:07 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-23 21:57:07 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-23 21:56:53 58880 ----a-w- C:\Windows\System32\browcli.dll 2012-09-23 21:56:53 41472 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-09-23 21:56:53 136704 ----a-w- C:\Windows\System32\browser.dll 2012-09-23 21:56:49 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-09-23 21:56:40 956416 ----a-w- C:\Windows\System32\localspl.dll 2012-09-23 18:28:13 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-23 18:28:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-23 18:27:29 -------- d-----w- C:\886402493004868d5e 2012-09-23 18:19:03 -------- d-----w- C:\Windows\pss 2012-09-22 21:12:55 -------- d-----w- C:\Windows\System32\drivers\N360x64 2012-09-22 21:12:54 -------- d-----w- C:\Program Files (x86)\Norton Security Suite 2012-09-22 19:16:06 754824 ----a-w- 
C:\Program Files\Internet Explorer\iexplore.exe 2012-09-21 20:33:57 4096000 ----a-w- C:\Program Files (x86)\GUTC783.tmp 2012-09-14 20:46:22 -------- d--h--w- C:\Users\Jean\AppData\Roaming\578EEF29 . ==================== Find3M ==================== . 2012-09-21 21:33:17 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-21 21:33:17 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-07-22 04:07:30 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS . ============= FINISH: 14:27:55.75 =============== Attach Log (not attached per note in forum opening pinned topic). . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 12/25/2009 10:02:11 AM System Uptime: 9/24/2012 8:37:03 AM (6 hours ago) . Motherboard: Gateway | | SJV50TR Processor: AMD Athlon™ II Dual-Core M300 | Socket S1G3 | 2000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 286 GiB total, 194.027 GiB free. D: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . 
==== System Restore Points =================== . RP336: 9/22/2012 1:13:38 PM - Windows Update RP337: 9/23/2012 12:26:01 PM - Windows Update RP338: 9/23/2012 6:44:55 PM - Revo Uninstaller's restore point - AVG Security Toolbar RP339: 9/23/2012 6:48:26 PM - Revo Uninstaller's restore point - Google Toolbar for Internet Explorer RP340: 9/23/2012 7:25:06 PM - Revo Uninstaller's restore point - Smart PC Cleaner v3.0 RP341: 9/23/2012 9:05:49 PM - Windows Update RP342: 9/24/2012 11:35:11 AM - Revo Uninstaller's restore point - DefaultTab Chrome RP343: 9/24/2012 11:57:08 AM - Revo Uninstaller's restore point - DefaultTab RP344: 9/24/2012 12:01:46 PM - Revo Uninstaller's restore point - Google Chrome RP345: 9/24/2012 12:09:58 PM - Revo Uninstaller's restore point - Qwiklinx RP346: 9/24/2012 12:16:08 PM - Revo Uninstaller's restore point - Shop To Win RP347: 9/24/2012 12:22:45 PM - Revo Uninstaller's restore point - Java™ 6 Update 31 RP348: 9/24/2012 12:23:17 PM - Removed Java™ 6 Update 31 RP349: 9/24/2012 12:28:11 PM - Revo Uninstaller's restore point - Yahoo! Toolbar RP350: 9/24/2012 12:34:43 PM - Revo Uninstaller's restore point - Skype Toolbars RP351: 9/24/2012 12:36:15 PM - Revo Uninstaller's restore point - McAfee Security Scan Plus RP352: 9/24/2012 12:42:19 PM - Windows Update RP353: 9/24/2012 1:09:48 PM - Windows Update RP354: 9/24/2012 1:35:54 PM - Windows Update . ==== Installed Programs ====================== . . 
Update for Microsoft Office 2007 (KB2508958) Acrobat.com Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Photoshop Elements 8.0 Adobe Photoshop.com Inspiration Browser Adobe Reader 9.3 MUI Adobe Shockwave Player 11.6 Advertising Center AMD USB Filter Driver Any Video Converter 3.4.0 Apple Application Support Apple Software Update Audacity 1.3.12 Backup Manager Basic Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack for the 2007 Office system CricutSync CyberLink Power2Go CyberLink PowerDVD 8 D3DX10 DC Universe Online Live DING! 
DolbyFiles eBay Worldwide EPSON USB Display Flixster Collections Gateway Games Gateway InfoCentre Gateway MyBackup Gateway Power Management Gateway Recovery Management Gateway Registration Gateway ScreenSaver Gateway Updater Google Earth Google Update Helper HP Photo Creations HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential Identity Card ImagXpress Junk Mail filter update Launch Manager LightScribe System Software Malwarebytes Anti-Malware version 1.65.0.1400 Menu Templates - Starter Kit Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Picture It! 
Photo 2002 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Move Media Player Movie Templates - Starter Kit Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 9 Essentials Nero 9 Trial Nero BurnRights Nero BurnRights Help Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero ShowTime Nero StartSmart Nero StartSmart Help Nero Vision Nero Vision Help NeroExpress neroxml Norton Online Backup Punch! 
Home Design - Platinum QuickTime Reader Library by Sony Realtek USB 2.0 Card Reader Revo Uninstaller 1.94 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security 
Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Skype™ 5.1 SmartFTP Client Setup Files 4.0 (x64) (remove only) SpecialSavings TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wnmiper TurboTax 2011 wrapper Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Video Web Camera Welcome Center Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Install Manager Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
9/24/2012 8:38:47 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 1:36:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
9/23/2012 3:49:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.
9/23/2012 3:49:04 PM, Error: Service Control Manager [7000] - The Intuit Update Service v4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/23/2012 3:45:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030a0117, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092312-27877-01.
9/23/2012 3:43:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/23/2012 3:43:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/23/2012 12:20:34 PM, Error: amdsata [11] - The driver detected a controller error on \Device\RaidPort0.
9/23/2012 12:18:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2012 12:15:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/23/2012 12:15:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/23/2012 12:15:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/23/2012 12:15:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/23/2012 12:15:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6
9/23/2012 12:14:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003054117, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092312-23415-01.
9/22/2012 8:29:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON Wanarpv6
9/22/2012 8:29:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000047ab, 0x0000000000000002, 0x0000000000000001, 0xfffff80003064995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092212-22167-01.
9/22/2012 8:25:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Security Suite service to connect.
9/22/2012 8:25:50 PM, Error: Service Control Manager [7000] - The Norton Security Suite service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/22/2012 1:15:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Malicious Software Removal Tool x64 - September 2012 (KB890830).
9/22/2012 1:09:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff8000309d995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092212-30841-01.
9/21/2012 4:02:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000400000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff8000309b995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092112-40451-01.
9/21/2012 4:00:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
9/21/2012 4:00:25 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/21/2012 3:33:09 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
9/21/2012 2:53:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SRTSP
9/21/2012 2:52:46 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
9/21/2012 2:51:53 PM, Error: SRTSP [5] -
9/21/2012 2:38:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/21/2012 2:37:06 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/21/2012 2:36:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/21/2012 2:36:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff800030d8136). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092112-35381-01.
9/21/2012 2:36:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
9/21/2012 2:36:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 2:36:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:20 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:20 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 2:36:20 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 2:36:20 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 2:36:20 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 2:14:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/21/2012 2:14:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/21/2012 2:12:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003056117, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092112-34179-01.
9/21/2012 2:09:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003063117, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092112-86923-01.
9/21/2012 12:24:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/20/2012 7:10:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
9/20/2012 7:10:13 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/20/2012 4:07:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/20/2012 4:02:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000088, 0x0000000000000002, 0x0000000000000001, 0xfffff8000309f8fe). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092012-25116-01.
9/20/2012 4:00:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
9/20/2012 4:00:30 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/20/2012 2:35:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80003069995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092012-33836-01.
9/20/2012 2:26:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff8000305f995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092012-89279-01.
9/20/2012 2:17:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
9/20/2012 2:17:04 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/20/2012 2:16:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88006a6e3a8, 0xfffff88006a6dc10, 0xfffff88001495825). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092012-73102-01.
.
==== End Of File ===========================
  20. Upon recent browsing of various internets, I recently discovered that random words in various online documents were being underlined and highlighted, which then produced an obvious virus ad whenever the mouse hovered over the words. After some light research I discovered the supposed virus was called EasyInline, which was published by Yontoo LLC, and to my shock a program of the same name had appeared on my C drive. I have no idea what that program is or what it does, but I strongly believe it may be a virus of some sort. What is it and how do I get rid of it? Please help! DDS and Attach logs have been attached. DDS.txt Attach.zip