Jump to content

Search the Community

Showing results for tags 'agent'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 19 results

  1. I need help getting rid of these Trojans iv'e tried deleting them but they reappear! Addition_04-08-2017 20.06.53.txt FRST_04-08-2017 20.06.53.txt Malwarebytes threat scan log.txt
  2. A few days ago I ran a scan and it found what it called Rootkit.Agent in the location C:\WINDOWS\SYSTEM32\WINDOWS and that is all that it told me. It was just a folder named Windows. My PC has not been acting strangely, and it quarantined the threat with no trouble and then I deleted it. I ran a full custom scan with rootkits turned on and it found nothing. I ran Malwarebytes anti-rootkit and it also found nothing. Is my computer safe? Here's my log: -Log Details- Scan Date: 7/31/17 Scan Time: 12:26 AM Log File: Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2468 License: Free -System Information- OS: Windows 10 (Build 15063.483) CPU: x64 File System: NTFS User: DESKTOP\Stuart -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 376357 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 1 min, 36 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Rootkit.Agent, C:\WINDOWS\SYSTEM32\WINDOWS, Quarantined, [1273], [205059],1.0.2468 Physical Sector: 0 (No malicious items detected) (end)
  3. Hello all! I am using Bandizip for some years without any problems. Updated now to the current v 6.07. Using Malwarebytes v. 3.06 (Premium) as well. Suddenly (now 2 times) Malwarebytes considers it as Malware.Ransom.Agent.Generic and quaranteed it immediately. have approached Bandisoft developer and confirmed that there is no malware! must be a f/p. and here follows the log file:----> Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/17/17 Protection Event Time: 3:09 AM Logfile: Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1956 License: Premium -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: System -Ransomware Details- File: 1 Malware.Ransom.Agent.Generic, C:\Program Files\Bandizip\Bandizip.exe, Quarantined, [0], [-1],0.0.0 (end) could you check it. thanks
  4. Double Agent is capable of infecting and hijacking antivirus programs and turning them into malware they have you as their next target. the user interface changes on every antivirus it hacks and says and I quote "You got hacked" it also gives you 4 user interface options malware spyware ransomware destruction It must not be allowed to infect your amazing security software, please destroy that virus
  5. Hello, my dad bought a tablet a few months ago. Since the beginning, it showed random ads. I scanned with malwarebytes, and it found some malware called "Android/Trojan.Dropper.Agent.cq" and "Android/Trojan.Coudw.a". When i press the Delete button, it says "Uninstall unsuccessful.". I tried factory resetting the tablet, but even after that they still show up. Any help? (Android 5.1, MediaTek tablet bought on "Mini in the box".) -Danielle
  6. Hello, i was direct by the support team to post here regarding false positives or asking if a file is really a trojan, i have tried to install Socks Proxy Checker 1.15 through their setup that i downloaded from http://www.socksproxychecker.com/ after installing the setup i had MWB detecting SPC.exe as a trojan.agent.msil i am attaching the logs and setup file. MD5:630cbcaa946e26a91c9207970643901c SHA1:3348062de8b6a0ff4cb812ed9195c9ff59f92050 can you please confirm the status of this software? thanks SPC_detected.txt SPC_setup.zip
  7. MalwareBytes gives me warnings up to a few times per day about Trojan.Agent.ENM being discovered and quarentined. I am running NAV, MB, and RUBotted. Can anyone help me remove this infection? I ran FRST and attached the resultant files. I am running Stinger right now. Addition.txt FRST.txt
  8. My Malwarebytes Anti Malware keeps popping up saying it has blocked an quarantined a threat: C:\Windows\svchost.exe Trojan.Angent These are the logs: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 Run by Mtume at 11:08:21 on 2013-03-30 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1888 [GMT -4:00] . SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Users\Mtume\AppData\Local\Akamai\netsession_win.exe C:\Users\Mtume\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051&xicid=acm50mtmhpgreetingrule1 uProxyOverride = <local>;*.local BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [Akamai NetSession Interface] "C:\Users\Mtume\AppData\Local\Akamai\netsession_win.exe" uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://uacwireless.gmu.edu/dana-cached/sc/JuniperSetupClient.cab TCP: NameServer = 75.75.75.75 8.8.8.8 TCP: Interfaces\{48FFF33A-7E22-4FE7-A15A-5D5C0808C606} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{EADE790B-F753-4E1C-9ABB-B4BCE1A5B474} : DHCPNameServer = 75.75.75.75 8.8.8.8 TCP: Interfaces\{EADE790B-F753-4E1C-9ABB-B4BCE1A5B474}\2375942554732343 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{EADE790B-F753-4E1C-9ABB-B4BCE1A5B474}\24C414A554E45445 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{EADE790B-F753-4E1C-9ABB-B4BCE1A5B474}\74564795F65727F477E675966696 : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{EADE790B-F753-4E1C-9ABB-B4BCE1A5B474}\94E6475627E6564753 : DHCPNameServer = 75.75.75.75 8.8.8.8 TCP: Interfaces\{EADE790B-F753-4E1C-9ABB-B4BCE1A5B474}\D416272796F64747 : DHCPNameServer = 8.8.8.8 4.2.2.4 TCP: Interfaces\{EADE790B-F753-4E1C-9ABB-B4BCE1A5B474}\D416272796F64747F57455543545 : DHCPNameServer = 8.8.8.8 8.8.4.4 TCP: Interfaces\{EADE790B-F753-4E1C-9ABB-B4BCE1A5B474}\D42425D2269353 : DHCPNameServer = 192.168.0.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\windows\System32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys [2013-3-29 167048] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-30 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-30 682344] R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe [2013-3-29 138232] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-12-8 132056] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-6-2 126392] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-2 2656280] R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-6-2 9216] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-3-30 24176] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-6-2 38096] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-6-2 1109096] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-6-2 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 EraserSvc11220;Symantec Eraser Service;"C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe" /h ccCommon --> C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe [?] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-6-2 243712] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-6-3 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-03-30 12:59:05 -------- d-sh--w- C:\$RECYCLE.BIN 2013-03-30 12:26:46 98816 ----a-w- C:\windows\sed.exe 2013-03-30 12:26:46 256000 ----a-w- C:\windows\PEV.exe 2013-03-30 12:26:46 208896 ----a-w- C:\windows\MBR.exe 2013-03-30 09:39:59 -------- d-----w- C:\Users\Mtume\AppData\Roaming\Malwarebytes 2013-03-30 09:39:35 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-30 09:39:34 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-03-30 09:39:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-30 05:13:39 -------- d-----w- C:\windows\System32\drivers\N360x64\1403000.024 2013-03-30 04:23:38 -------- d-----w- C:\Users\Mtume\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE} 2013-03-30 04:10:19 -------- d-----w- C:\ProgramData\Virtualized Applications 2013-03-30 02:38:27 167048 ----a-r- C:\windows\System32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys 2013-03-30 02:38:22 -------- d-----w- C:\windows\System32\drivers\MCLIENTx64\0201020.00D 2013-03-30 02:38:22 -------- d-----w- C:\windows\System32\drivers\MCLIENTx64 2013-03-30 02:38:22 -------- d-----w- C:\Program Files (x86)\Norton Management 2013-03-29 12:53:20 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys 2013-03-26 01:27:09 -------- d-----w- C:\Users\Mtume\AppData\Local\{C2BB9D68-837F-4C1C-B98F-BE5D8FB8580C} 2013-03-13 03:09:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2013-03-10 01:00:54 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-03-07 10:14:55 -------- d-----w- C:\Users\Mtume\AppData\Local\{75328E5D-3558-4771-8168-071CF895A076} 2013-03-05 22:04:25 -------- d-----w- C:\Users\Mtume\AppData\Roaming\WindowsDatabase . ==================== Find3M ==================== . 2013-03-09 17:44:31 71024 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-09 17:44:31 691568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll 2013-02-02 06:57:02 2312704 ----a-w- C:\windows\System32\jscript9.dll 2013-02-02 06:47:19 1392128 ----a-w- C:\windows\System32\wininet.dll 2013-02-02 06:42:18 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2013-02-02 06:41:51 599040 ----a-w- C:\windows\System32\vbscript.dll 2013-02-02 06:38:01 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2013-02-02 03:38:35 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-02-02 03:30:32 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2013-02-02 03:30:21 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2013-02-02 03:26:47 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2013-02-02 03:26:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2013-02-02 03:23:28 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll 2013-01-13 19:37:57 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll 2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll 2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\windows\System32\d2d1.dll 2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll 2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll 2013-01-05 05:53:43 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-01-05 05:00:15 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00:11 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-01-04 06:11:21 2284544 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll 2013-01-04 06:11:13 2776576 ----a-w- C:\windows\System32\msmpeg2vdec.dll 2013-01-04 05:46:09 215040 ----a-w- C:\windows\System32\winsrv.dll 2013-01-04 04:51:16 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-01-04 03:26:48 3153408 ----a-w- C:\windows\System32\win32k.sys 2013-01-04 02:47:35 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-01-04 02:47:34 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-01-04 02:47:34 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-01-04 02:47:33 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00:54 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-01-03 06:00:42 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS 2013-01-01 02:19:35 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll 2013-01-01 02:19:35 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll . ============= FINISH: 11:09:02.42 =============== Attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/2/2012 2:49:17 AM System Uptime: 3/30/2013 8:58:08 AM (3 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Intel® Pentium® CPU B960 @ 2.20GHz | CPU | 2200/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 581 GiB total, 500.551 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP69: 3/25/2013 3:06:39 AM - Windows Update RP70: 3/29/2013 7:22:10 AM - Restore Operation RP71: 3/30/2013 1:17:15 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader X MUI Akamai NetSession Interface Amazon Links Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Atlantica Bonjour Conexant HD Audio D3DX10 Google Chrome Google Toolbar for Internet Explorer Google Update Helper Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology iTunes Java Auto Updater Java™ 6 Update 25 Juniper Networks, Inc. Setup Client Juniper Networks, Inc. Setup Client 64-bit Activex Control Junk Mail filter update Label@Once 1.0 League of Legends Malwarebytes Anti-Malware version 1.70.0.1100 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT MSVCRT_amd64 Nexon Game Manager Norton Management Norton PC Checkup Pando Media Booster PlayReady PC Runtime amd64 PlayReady PC Runtime x86 RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer Realtek USB 2.0 Card Reader Realtek WLAN Driver RealUpgrade 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Skype Launcher Skype™ 5.10 Synaptics Pointing Device Driver Toshiba App Place TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in Toshiba Online Backup TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBARegistration Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 3/30/2013 8:58:32 AM, Error: Service Control Manager [7000] - The Symantec Eraser Service service failed to start due to the following error: The system cannot find the file specified. 3/30/2013 8:42:25 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 3/30/2013 8:39:21 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 3/30/2013 8:21:53 AM, Error: Service Control Manager [7031] - The Norton Management service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/30/2013 8:21:53 AM, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/30/2013 8:21:52 AM, Error: Service Control Manager [7031] - The Common Client Job Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/30/2013 7:24:06 AM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The media is write protected. 3/29/2013 8:37:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_MCLIENT ccSet_N360 SymIRON 3/29/2013 8:07:15 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 3/29/2013 7:56:34 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. 3/29/2013 7:51:55 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied.. 3/29/2013 10:34:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002dcfcda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 032913-35271-01. 3/29/2013 10:34:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ccSet_MCLIENT 3/25/2013 3:19:25 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 3/25/2013 3:01:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002a6026b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 032513-54849-01. 3/24/2013 5:13:45 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2. . ==== End Of File ===========================
  9. My kids' computer crashed last night. It's a Dell XPS 430 running windows 7. It normally runs like a champ, rarely have any issues with it. When I took a look at it, it was very slow to reboot, and within a minute or two of it reloading everything, it would crash again. I get messages that files are missing (including the hard drive at one point), ie 9 won't run, and it is incredibly slow. It does not crash in safe mode. Managed to get mbam on and ran it. It identified several copies of trojan.agent and trojan.redirrdll. It got rid of the redirdll, but every time it reboots, trojan.agent is still there. Tried several things, including steps from another post in this forum. I was able to run security check, adwcleaner and roguekiller without it crashing. All found threats, but don't seem to be removing the bugger. I tried to run tdsskiller, but it crashes halfway through, and now it's back to crashing as soon as it's back up again (in regular mode) - it doesn't give me enough time to download or run anything before it crashes again. Tried running tdsskiller in safe mode once, with no success. It didn't come up automatically like it did in regular mode, after I checked 'loaded modules' and it rebooted, so perhaps there's another step? Any help will be greatly appreciated! I have 2 teenagers who aren't happy about being offline!
  10. Whats going on with the Malwarebytes? I have always had it and it worked great! Now all of a sudden it doesnt seem to want to work the right way ... and every time I tried to use it it would tell me that it had an updated that it needed from 70 something days ago .. and then when I tried to update it , it then gave me an error. SO .. I have since clicked mbam-clean.exe and run it which it has uninstalled the program from my computer. I then re-installed it and I am now running a full scan. However with that being said I am NOW getting tons of pop ups all of a sudden that is saying : Malwarebytes has blocked and quarantied a threat: c:/Windows/scvhost.exe Trojan.Agent. I have probably got one after another at least 100 little pop ups that come up at the bottom right hand side of my computer through out the time it is doing a full scan. HELP ! Why am I all of a sudden getting all these pop ups one after another, and what are they ????? Please help me asap. P.S - I am including a screen shot of what the pop up looks like and what it says. Just look for the red arrow in my screen shot and at where it is pointing to ..... Also please inbox me if you dont mind to tell me what is going on , cause I'm afraid I will not be able to find this post again.
  11. I need help with removing this Trojan and making sure that my computer is Threat Free. I cannot seem to fix it on my own. Malwarebytes detects it each scan and "removes" it but it does not. Please help... I cannot replace this laptop. It is my Lifeline....Thanks a Lot!
  12. I recently purchased Malwarebytes Anti-Malware pro. and it found several things and removed several things. I have one that keeps comeing back after every scan. It always says it will be removed after reboot so I reboot and rescan and it is back. Its Trojan.Agent and its C:\Windows\svchost.exe I am not extremely computer savy but I can follow directions. Here are my dds logs some instructions say to post the attach log and some say don't....So I will wait for a reply. . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\WLANExt.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Windows\system32\conhost.exe C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Windows\system32\lxcgcoms.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe C:\Windows\System32\StikyNot.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe C:\Program Files (x86)\internet explorer\iexplore.exe C:\Program Files (x86)\internet explorer\iexplore.exe -netsvcs C:\Windows\system32\conhost.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [Facebook Update] "C:\Users\Drew\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [<NO NAME>] mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: [sTToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background StartupFolder: C:\Users\Drew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\Drew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll LSP: bmnet.dll LSP: mswsock.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 216.165.129.158 TCP: Interfaces\{BD700DF6-84D0-47A5-BED0-EC1FF12F1282} : DhcpNameServer = 192.168.0.1 216.165.129.158 TCP: Interfaces\{BD700DF6-84D0-47A5-BED0-EC1FF12F1282}\1557965647D41607C656D27657563747 : DhcpNameServer = 192.168.33.1 97.81.22.195 71.92.29.130 TCP: Interfaces\{BD700DF6-84D0-47A5-BED0-EC1FF12F1282}\16474777966696 : DhcpNameServer = 192.168.5.1 TCP: Interfaces\{BD700DF6-84D0-47A5-BED0-EC1FF12F1282}\2375942554133303 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{BD700DF6-84D0-47A5-BED0-EC1FF12F1282}\2375942554439363 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{BD700DF6-84D0-47A5-BED0-EC1FF12F1282}\2456C6B696E6F574F575962756C6563737F5935323735464 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{BD700DF6-84D0-47A5-BED0-EC1FF12F1282}\4513E4D493 : DhcpNameServer = 192.168.0.1 216.165.129.158 TCP: Interfaces\{BD700DF6-84D0-47A5-BED0-EC1FF12F1282}\C696E6B6379737 : DhcpNameServer = 8.8.8.8 8.8.4.4 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [(Default)] mRun-x64: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: [sTToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2012-2-8 8454064] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-30 655944] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-2 656624] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-3-3 428640] R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S1 fmhmavuz;fmhmavuz;\??\C:\Windows\system32\drivers\fmhmavuz.sys --> C:\Windows\system32\drivers\fmhmavuz.sys [?] S1 pwwcyily;pwwcyily;\??\C:\Windows\system32\drivers\pwwcyily.sys --> C:\Windows\system32\drivers\pwwcyily.sys [?] S1 rsljneae;rsljneae;\??\C:\Windows\system32\drivers\rsljneae.sys --> C:\Windows\system32\drivers\rsljneae.sys [?] S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856] S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2008-11-20 113152] S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2008-11-20 125440] S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?] S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.36484.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.36484.0.sys [?] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] S3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584] S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?] S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);C:\Windows\system32\DRIVERS\swnc8u80.sys --> C:\Windows\system32\DRIVERS\swnc8u80.sys [?] S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);C:\Windows\system32\DRIVERS\swumx80.sys --> C:\Windows\system32\DRIVERS\swumx80.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-09-02 22:12:35 20480 ----a-w- C:\Windows\svchost.exe 2012-08-31 01:37:53 -------- d-----w- C:\Users\Drew\AppData\Roaming\Malwarebytes 2012-08-31 00:29:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-31 00:29:48 -------- d-----w- C:\ProgramData\Malwarebytes 2012-08-31 00:29:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-27 14:17:50 -------- d-----w- C:\ProgramData\PC-Doctor for Windows 2012-08-21 14:09:42 -------- d-----w- C:\CCE_Quarantine 2012-08-21 03:27:23 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-08-21 03:24:44 -------- d-----w- C:\8837270a1fd31f4a17 2012-08-17 05:44:10 -------- d-----w- C:\Windows\Microsoft Antimalware 2012-08-16 20:05:44 50392 ----a-w- C:\Windows\System32\drivers\fmhmavuz.sys 2012-08-16 20:05:26 50392 ----a-w- C:\Windows\System32\drivers\rsljneae.sys 2012-08-16 19:58:27 50392 ----a-w- C:\Windows\System32\drivers\pwwcyily.sys 2012-08-16 18:26:53 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F4923F8-55DF-40FD-8303-8D0D51CAAB0D}\mpengine.dll 2012-08-13 15:11:58 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-08-13 15:08:48 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-08-13 15:06:02 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-08-13 15:06:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2012-08-13 15:06:02 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-08-13 15:06:02 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-08-13 15:06:02 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-08-13 15:06:02 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-08-13 15:05:55 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-08-13 15:05:55 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-08-13 15:05:55 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-08-13 15:05:55 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-08-13 15:05:55 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-08-13 15:05:55 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-08-13 15:05:55 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-08-13 15:05:55 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-08-13 15:05:55 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys . ==================== Find3M ==================== . 2012-06-17 19:56:51 0 ----a-w- C:\Windows\SysWow64\dlumd9.dll 2012-06-17 19:56:51 0 ----a-w- C:\Windows\SysWow64\dlumd11.dll 2012-06-17 19:56:51 0 ----a-w- C:\Windows\SysWow64\dlumd10.dll 2012-06-17 19:56:51 0 ----a-w- C:\Windows\System32\dlumd9.dll 2012-06-17 19:56:51 0 ----a-w- C:\Windows\System32\dlumd11.dll 2012-06-17 19:56:51 0 ----a-w- C:\Windows\System32\dlumd10.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll . ============= FINISH: 22:49:16.74 ===============
  13. My computer started to act funny a couple of days ago and it appears that trojans have invaded my system. The particular trojans are bc miner as well as ransom trojan and an agent trojan that are both in the registry. What should I do in order to get rid of the infections?
  14. Hi, I have the full version of Malwarebytes Aniti Malware HKCU\Software\Microsoft\Windows\CurrentVersion\Run (Trojan.Agent) -> Quarantined and deleted successfully. However when I reboot my PC my computer is reinfected. Do you know how I can remove this "Trojan.Agent"? Possibly edit the registry? Here is my log: Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.14.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Brian Cohen :: BRIANCOHEN-PC [administrator] Protection: Enabled 6/14/2012 6:48:55 AM mbam-log-2012-06-14 (06-48-55).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 241092 Time elapsed: 4 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\Software\Microsoft\Windows\CurrentVersion\Run (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Thank You.
  15. Merged post i performed a full scan today, only detection was C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZFEV3ZC\Testbundle23w_1254[1].exe i quarentined and removed it, im running another scan of mbam now to make sure its gone, i just wanted to know what it did, should i change all my passwords, etc. Thanks, tom to clarify mbam said it was a Torjan.Agent
  16. i performed a full scan today, only detection was C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZFEV3ZC\Testbundle23w_1254[1].exe i quarentined and removed it, im running another scan of mbam now to make sure its gone, i just wanted to know what it did, should i change all my passwords, etc. Thanks, tom
  17. I'm running a Windows 7 computer with a x64 bit processor. I ran AVG and Malwarebytes and I can't get rid of Trojan Agent3.atli. On top of that, my svchost.exe is infected with winrscmde. Any help to get rid of these pests without wiping my computer would be much appreciated.
  18. Merged 3 post I am working on a system that continually replaces the svchost.exe file in c:\windows\. I have run Malwarebytes numerous times, I have booted up UBCD4Win and run Avira, removed the svchost.exe and multiple other infected files. However, every time I restart the system, the infected svchost.exe file is back. I am attaching a Malwarebytes log, a couple DDS logs and a ComboFix log. DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by East at 16:04:45 on 2012-03-20 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2160 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe C:\Windows\system32\lxddcoms.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe C:\Program Files\iPod\bin\iPodService.exe -netsvcs C:\Windows\system32\conhost.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe C:\Program Files\McAfee\VirusScan\mcods.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120228095146.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\Users\East\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{1716B468-3705-431F-9B3D-0C752FFB7F67} : DhcpNameServer = 192.168.1.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120228095146.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\East\AppData\Roaming\Mozilla\Firefox\Profiles\dzn9ai1u.default\ FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-28 13336] R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-8-15 722616] R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe -service --> C:\Windows\system32\lxddcoms.exe -service [?] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-31 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-31 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-31 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-7-29 199272] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-7-29 208536] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-1 1688384] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 0216731332198462mcinstcleanup;McAfee Application Installer Cleanup (0216731332198462);C:\Windows\TEMP\021673~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\021673~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-5 136176] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-5 136176] S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?] S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-7-29 220528] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxddserv.exe [2007-4-26 34224] S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-31 249936] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . JSEFile=NOTEPAD.EXE %1 . =============== Created Last 30 ================ . 2012-03-20 20:10:50 20480 ------w- C:\Windows\svchost.exe 2012-03-20 20:10:11 -------- d-sh--w- C:\$RECYCLE.BIN 2012-03-19 23:11:38 98816 ----a-w- C:\Windows\sed.exe 2012-03-19 23:11:38 518144 ----a-w- C:\Windows\SWREG.exe 2012-03-19 23:11:38 256000 ----a-w- C:\Windows\PEV.exe 2012-03-19 23:11:38 208896 ----a-w- C:\Windows\MBR.exe 2012-03-19 19:51:10 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-17 20:14:00 -------- d-----w- C:\Users\East\AppData\Roaming\SUPERAntiSpyware.com 2012-03-17 20:14:00 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-03-17 10:58:37 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-03-13 21:11:03 3143168 ----a-w- C:\Windows\System32\win32k.sys 2012-03-13 21:10:59 1541120 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-13 21:10:59 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-03-13 21:10:58 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-03-13 21:10:58 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2012-03-13 21:10:57 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-03-13 21:10:57 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll 2012-03-13 21:10:57 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2012-03-13 21:10:56 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-03-13 21:10:56 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2012-03-13 21:10:56 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2012-03-13 21:09:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-03-13 21:09:30 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-03-13 21:09:30 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-03-13 21:09:25 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-03-13 21:09:24 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-03-13 21:09:24 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-03-13 21:09:23 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-03-03 01:22:16 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-03-03 01:21:39 515584 ----a-w- C:\Windows\System32\timedate.cpl 2012-03-03 01:21:37 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl 2012-03-03 01:21:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys 2012-03-03 01:20:38 634368 ----a-w- C:\Windows\System32\msvcrt.dll 2012-03-03 01:20:37 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll 2012-02-29 00:53:35 -------- d-----w- C:\Users\East\AppData\Local\{94EE6D9C-2572-41FB-ADF3-44DD1F456C87} 2012-02-29 00:53:23 -------- d-----w- C:\Users\East\AppData\Local\{C60E0B8A-2D18-4DFF-8EE6-8F8AEAAC83D0} 2012-02-29 00:53:09 -------- d-----w- C:\Users\East\AppData\Roaming\Windows Live Writer 2012-02-29 00:53:09 -------- d-----w- C:\Users\East\AppData\Local\Windows Live Writer 2012-02-28 15:51:46 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll 2012-02-25 01:18:31 -------- d-----w- C:\Users\East\AppData\Roaming\Malwarebytes 2012-02-25 01:18:16 -------- d-----w- C:\ProgramData\Malwarebytes 2012-02-25 01:18:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-02-24 22:13:43 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll 2012-02-24 21:01:35 -------- d-----w- C:\ProgramData\Ask . ==================== Find3M ==================== . 2012-02-28 04:01:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 16:05:19.57 =============== Have I stumped everyone, or is everyone on vacation? Since posting this, I have created a more up to date UBCD4Win the latest Avira updates. (About a week newer.) I have deleted Java and the Java directory in the user account. I have run Spybot S&D from the UBCD4Win CD. (reported clean) I have disabled various programs set to autorun. Still nothing seems to be working. Avira removed some more files last night, but when a booted the machine from the HDD this morning, Malwarebytes reported that the Trojan.Agent was back and still infecting svchost.exe. (c:\windows\svchost.exe) I have even tried creating a dummy svchost.exe file and setting it to read-only. Since my last post I have rebooted the computer from the HDD, re-run Malwarebytes and it reports that svchost.exe is once again infected with trogen.agent. I rebooted using the UBCD4Win with the latest Avira and updates. Avira found a virus it identifies as Pidief.cvh. I removed it and am now running McAfee Stinger to see what it finds. ComboFix.txt Attach.txt
  19. Hi everyone, I have been struggling to get rid of a virus that seems to be affecting my internet as well as the speed of my computer. I ran a malware quick scan and got 2 hits. trojan.agent file C:\Windows\svchost.exe trojan.agent memory process c:\Windows\svchost.exe 5876 I tried to ask malware to remove it but it was unsuccessful so I followd the next step and here is what the dds and attach files are. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Chelsea at 11:19:44 on 2012-03-03 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8180.5651 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\AESTSr64.exe C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files\Alienware\Command Center\AlienFusionService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Bonjour\mDNSResponder.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\OSD\OSD_Service.exe C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files (x86)\AlienRespawn\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\AlienRespawn\Toaster.exe C:\Windows\system32\UI0Detect.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Alienware\Command Center\AlienFusionController.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Chelsea\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Users\Chelsea\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files\Windows Media Player\wmpnetwk.exe c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\OSD\OSD.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\mcafee.com\agent\mcagent.exe C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe C:\Windows\system32\conhost.exe C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskmgr.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\system32\wuauclt.exe -netsvcs C:\Windows\system32\conhost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.alienware.com/ uDefault_Page_URL = hxxp://www.alienware.com/ uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421; mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120302065857.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [Akamai NetSession Interface] "C:\Users\Chelsea\AppData\Local\Akamai\netsession_win.exe" uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe mRun: [FAStartup] mRun: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" mRun: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2 mRun: [<NO NAME>] mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{5639D2F7-0991-42DC-BFAA-33D114249D8D} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{5639D2F7-0991-42DC-BFAA-33D114249D8D}\24142524 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{5639D2F7-0991-42DC-BFAA-33D114249D8D}\35F646F6D697 : DhcpNameServer = 10.0.0.99 TCP: Interfaces\{5639D2F7-0991-42DC-BFAA-33D114249D8D}\751405021343 : DhcpNameServer = 63.162.197.99 71.2.28.14 TCP: Interfaces\{5639D2F7-0991-42DC-BFAA-33D114249D8D}\96E63796768647F577966696F503939323 : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62 TCP: Interfaces\{5639D2F7-0991-42DC-BFAA-33D114249D8D}\C4F66756548707C6F63796F6E6 : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{5639D2F7-0991-42DC-BFAA-33D114249D8D}\E4544574541425 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{897C26D5-C169-4C0C-8F17-92C39A4BAD81} : DhcpNameServer = 192.168.0.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll LSA: Notification Packages = scecli FAPassSync BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120302065857.dll BHO-X64: scriptproxy - No File BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll BHO-X64: SSOIEAddonBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe mRun-x64: [FAStartup] mRun-x64: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" mRun-x64: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2 mRun-x64: [(Default)] mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce-x64: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ============= SERVICES / DRIVERS =============== . R0 ioatdma;Intel® QuickData Technology device;C:\Windows\system32\Drivers\ioatdma.sys --> C:\Windows\system32\Drivers\ioatdma.sys [?] R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?] S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?] S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTVE.sys --> C:\Windows\system32\DRIVERS\IAMTVE.sys [?] S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTXPE.sys --> C:\Windows\system32\DRIVERS\IAMTXPE.sys [?] S3 ioatdma1;ioatdma1;C:\Windows\system32\Drivers\qd162x64.sys --> C:\Windows\system32\Drivers\qd162x64.sys [?] . =============== Created Last 30 ================ . 2012-03-03 16:03:57 20480 ----a-w- C:\Windows\svchost.exe 2012-03-03 15:49:50 -------- d-----w- C:\Users\Chelsea\AppData\Roaming\Malwarebytes 2012-03-03 15:49:04 -------- d-----w- C:\ProgramData\Malwarebytes 2012-03-03 15:48:56 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-03 15:48:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-02 11:59:13 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-03-02 11:59:12 1572864 ----a-w- C:\Windows\System32\quartz.dll 2012-03-02 11:59:07 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-03-02 11:59:06 460296 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-03-02 11:59:06 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-03-02 11:59:06 1446912 ----a-w- C:\Windows\System32\lsasrv.dll 2012-03-02 11:59:05 314368 ----a-w- C:\Windows\SysWow64\webio.dll 2012-03-02 11:59:04 395776 ----a-w- C:\Windows\System32\webio.dll 2012-03-02 11:59:04 136192 ----a-w- C:\Windows\System32\sspicli.dll 2012-03-02 11:59:03 28160 ----a-w- C:\Windows\System32\secur32.dll 2012-03-02 11:59:03 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-03-02 11:58:57 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll 2012-03-02 11:56:35 1739160 ----a-w- C:\Windows\System32\ntdll.dll 2012-03-02 11:56:33 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-03-02 02:05:09 -------- d-----w- C:\Program Files\WiseFixer 2012-03-02 01:04:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-03-02 01:04:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-02-04 16:33:40 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-02-04 16:33:38 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-02-04 16:30:18 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-02-04 16:30:18 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-02-04 16:30:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-02-04 16:30:17 31232 ----a-w- C:\Windows\System32\lsass.exe 2012-02-04 16:30:17 28672 ----a-w- C:\Windows\System32\sspisrv.dll . ==================== Find3M ==================== . . ============= FINISH: 11:22:49.30 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/1/2011 6:36:55 PM System Uptime: 3/3/2012 11:02:27 AM (0 hours ago) . Motherboard: Alienware | | Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | CPU 1 | 1730/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 917 GiB total, 816.404 GiB free. D: is CDROM () Y: is FIXED (NTFS) - 15 GiB total, 8.199 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: facap, FastAccess Video Capture Device ID: ROOT\IMAGE\0000 Manufacturer: Sensible Vision Name: facap, FastAccess Video Capture PNP Device ID: ROOT\IMAGE\0000 Service: FACAP . ==== System Restore Points =================== . RP70: 1/25/2012 7:39:06 PM - Windows Modules Installer RP71: 1/25/2012 7:39:55 PM - Windows Modules Installer RP72: 2/4/2012 12:08:34 PM - Windows Update RP73: 2/27/2012 7:37:18 AM - Windows Update RP74: 3/1/2012 7:38:54 PM - Windows Update RP75: 3/2/2012 6:52:23 AM - Windows Update RP76: 3/3/2012 8:05:04 AM - Windows Update . ==== Installed Programs ====================== . µTorrent Accelerometer Add or Remove Adobe Creative Suite 3 Production Premium Adobe After Effects CS3 Adobe After Effects CS3 Presets Adobe After Effects CS3 Template Projects & Footage Adobe After Effects CS3 Third Party Content Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Creative Suite 3 Production Premium Adobe Default Language CS3 Adobe Device Central CS3 Adobe Encore CS3 Adobe Encore CS3 Codecs Adobe Encore CS3 Library Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash CS3 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Flash Player 9 ActiveX Adobe Flash Video Encoder Adobe Fonts All Adobe Glyphlet Creation Tool CS3 Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Premiere Pro CS3 Adobe Premiere Pro CS3 Functional Content Adobe Premiere Pro CS3 Third Party Content Adobe Reader 9.1.2 Adobe Setup Adobe Soundbooth CS3 Adobe Soundbooth CS3 Codecs Adobe Soundbooth CS3 Scores Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Video Profiles Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP DVA Panels CS3 Adobe XMP Panels CS3 Advanced Audio FX Engine AHV content for Acrobat and Flash AIM 7 Akamai NetSession Interface Akamai NetSession Interface Service AlienRespawn AlienRespawn - Support Software Apple Application Support Apple Software Update Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Command Center CyberLink PowerDVD 9.5 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell InHome Service Agreement DirectX 9 Runtime Download Updater (AOL LLC) Integrated Webcam Live! Central Intel® Control Center Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 22 LoJack Factory Installer Malwarebytes Anti-Malware version 1.60.1.1000 McAfee SecurityCenter Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OSD Setup PDF Settings PhotoShowExpress QuickTime Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Skype Toolbars Skype™ 5.3 Sonic CinePlayer Decoder Pack Spybot - Search & Destroy Steam Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) . ==== Event Viewer Messages From Past Week ======== . 3/2/2012 7:11:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2640148). 3/2/2012 7:02:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2660075). 3/2/2012 6:58:21 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2660465). 3/2/2012 6:58:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2645640). 3/2/2012 6:57:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2654428). 3/2/2012 6:57:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2633879). 3/2/2012 6:57:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2647516). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2632503). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2644615). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2631813). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2585542). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656355). 3/2/2012 6:48:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect. 3/2/2012 6:48:23 AM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/1/2012 10:30:39 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. . ==== End Of File =========================== Please help!! My computer is only 1 years old and should not be so slow and sad. Thank you soo much in advance!!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.