Showing results for tags 'browser hijack'.

Found 17 results

  1. This morning my wife's Firefox for Mac 10.9 kept redirecting to hmapsanddirections.co instead of Google when she opened a new tab. She does not recall clicking on anything suspicious or opening a file. Both Intego Virus Barrier and Malwarebytes show nothing. Only thing we could do was to refresh Firefox. What concerns me is that no virus program spotted it in real time or afterward and doing a Google search just results in lots of no-name, possibly malicious, sites. None of the major virus / security companies have any entries on this. Can someone provide more information so we can ensure her system is clean? Thanks!
  2. Hello, I have an issue with the Initialpage 123 browser hijacker, which has infected the Chrome browser; I also use Firefox, which seems free from it now. I used Malwarebytes trial, Unhackme and Adware cleaner. I checked all the processes, startups and registry, found something that might be associated, and deleted it. I found the Initialpage123 software in the program list but Windows 10 and CCleaner could not remove it. Tried to remove from folder called Fehadon. Today found folder named .mus, removed that. I also found local64SPL.dll and deleted it. It's not the first time I experience a browser hijack, but I can't seem to remove it from Chrome; it always comes back after every restart. Malwarebytes always blocks the safesearch site it redirects to but that is not helping. Malwarebytes also often blocks d2buh1bf1g584w.cloudfront.net that is used by msiexec.exe. I have a freshly installed Windows 10 64X; it would be a hassle to reinstall programs again, so I need a solution to get rid of this hijacker for good. FRST.txt Addition.txt zaraza.txt
  3. Hello, today I discovered that my Chrome's homepage was changed to "www.viceice.com" and all extensions and plugins were gone. I found out that it was a browser hijacker. Seems to be a newer malware cos there aren't many guides online about this, just two or three, and they didn't work. I tried the guide on malwaretips.com's website related to viceice.com and another website; used the following software/tools: Adwcleaner, Malwarebytes, Hitmanpro, Junkware removal tool, Spyhunter and Emsisoft emergency kit. Malwarebytes, Spyhunter, Adwcleaner and Hitman did remove a few files, but the problem still persists. This seems to be a very stubborn piece of malware. Please help me, any help would be greatly appreciated. Thanks. PS: I'm attaching logs of Malwarebytes, junk removal tool and Emsisoft emergency kit. malwarebytes log.txt emisoft scan_150830-150507.txt JRT.txt
  4. Struggling with a similar issue as the user that posted this question: https://forums.malwarebytes.org/index.php?/topic/161188-proxy-server-1270019880/ Fiance somehow managed to d/l a virus I can't find much on. Not visible in Programs or Browser Extensions, but has completely hijacked all of my browsers by changing registry files. Ran the initial adwcleaner scan/clean. Turned up: File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal seemed to be the impetus behind running ads by SASA hijacked content. After the adwcleaner scan, ran the advice from TwinHeadedEagle in the above referenced post but ran into a hiccup with the Farbar tool. Followed the advice, but any time I tried to run a fix, I get the following message followed by an autoshutdown of the Farbar tool: "Warning: Looks like you don't know what to do. To prevent damage to the system the tool will exit." How can I complete the process/fix? Do I need to attach my fixlist/addition .txt files and have a custom list made? Would that even work with this error message involved?
  5. Hello, for the last few months I have been having trouble with http://startsear.info/ jacking my browser. I reset my home page and have tried resetting the Firefox settings but when my computer restarts it is back. I have run Malwarebytes many times, it seems to find the item but after selecting quarantine and restarting it is still there! I am not sure what to do or how to get this off of my computer. Please help!
  6. My Windows 8 PC has been hijacked several times over the past few days while using Chrome. Each time it sends me to instantpcupdate.info telling me to update my flash player and on more than one occasion it started downloading a file automatically. Scans turn up nothing. I have attached my Farbar logs. Thanks for the help - thenewno2 FRST.txt Addition.txt
  7. I keep getting my browser hijacked with a warning that my system is infected asking me to call a number to have it removed. The URL shows www.datably.com. Can MWB help?
  8. I am good with computers but I am struggling with this browser hijack as it is nowhere to be found in any browser extension, but when I start IE, Firefox or Chrome it redirects to http://www.bing.com/?pc=COSP&ptag=AABF01BDF90604DD4AEF&form=CONMHP&conlogo=CT3210127 however when I look at the browser settings they all appear in normal order. I have used Revo Uninstaller to get rid of any strange programs but I still get popups from Malwarebytes blocking ids.idlecrawler outgoing process. I was getting some dll extension errors but I believe that I have resolved that but thought I would mention it in case it was connected. From what I have found on the internet this is supposed to be simply removing an extension but it does not seem that easy. I am scanning for rootkits with MBAM now. Any help would be much appreciated, also browser is going very slow! Thanks, Chip
  9. Hey guys, Recently I've been writing an article on the causes of obesity and have been doing a lot of searching as part of my literature review. I believe that during this exercise (and although I use WOT), unfortunately, my computer may have become infected with a virus. Yesterday I did a virus check with several different programs: Malwarebytes, AVG, SuperAntispyware, Spybot Search & Destroy... All programs reported no infection. The symptoms are as follows: 1) for a while now, a time lag has occurred between typing and observing the text appear, an issue affecting both of my browsers (Firefox/Google Chrome) 2) my computer just blue screen crashed on me today 3) when the computer rebooted, I noticed a warning symbol on the Malwarebytes taskbar icon, 4) when I type www.yahoo.co.uk into my Firefox browser, I sometimes get a fashion website loading up that has a completely different URL. After my system crash, I opened Malwarebytes, and the dashboard showed the following warning: Malicious website protection disabled. Clicking on the fix now option has no effect. Would you guys be able to help? Thanks in advance. Doug.
  10. Hi, What would be the best way to remove the Trovi virus from my computer? I just got it a few days ago, and have not yet taken any action to remove it, for fear of not knowing what I'm really doing, and downloading unnecessary programs. So far, all I can see is that my internet browsers and search engines have been hijacked. Help would be appreciated!
  11. Hello, I've been spending a few hours trying to remove www-search.net by Tuvaro, this pops up every time I open Firefox as default search engine. I've run Malwarebytes, Comodo, RogueKiller, TDSSKiller, reinstalled Firefox etc. I have not found an extension for it on Firefox and it's not my default page and it's not in add remove programs and I can't find it searching my hard disk. A blank black .exe box pops up periodically and started the same time the www-search.net by Tuvaro took over my web browsers Firefox and Chrome. I have followed all the instructions from http://malwaretips.com/blogs/www-search-net-removal/ to no avail. Any help would be greatly appreciated. Sinbowden
  12. Running XPsp3 system is obviously infected and we are having browser redirects that upload even more malware. Been fighting this off for over a week now. AVG, Spyhunter and Malwarebytes have been effective to an extent. But seem to be losing the battle. I've removed 11 viruses and close to 80 suspicious malware related entries and programs, but they keep popping back up. AVG isn't functioning like it should anymore, and Spyhunter has officially been locked out via admin rights. Malwarebytes via Chameleon is the only thing detecting infections currently. Browser redirects and odd pop-ups continue to occur. I do not use my normal browser anymore as a result. Any help would be appreciated. We're getting desperate and a reformat isn't an option at the moment.
  13. This is my first time in the forum. This morning MBAM detected a browser hijack after I did a quick scan, but I think it may be a false positive. The file it mentions in the log belongs to Tune-up Utilities. TU stops processes running that belong to a particular program after that program is closed; this is to conserve system resources. In this case Tune-up asked me if I wanted to disable Firefox, I said yes, soon after I did a scan and a browser hijack was reported. Can you please confirm this is a false positive and put my mind at rest? I have included the log which I ran using mbam.exe /developer.
  14. I am trying to remove a single instance of PUP.Optional.BrowseFOX.A from a Windows 7 laptop. I got the PUP from Cnet in a download and after figuring out what to get rid of, I uninstalled all programs I installed that day. I ran Malwarebytes and removed everything. Since then I run Malwarebytes over and over again and I find one instance that I remove. I rebooted and the thing showed up again. I can remove the PUP and it stays gone for a few minutes and then after 15 minutes or so I run Malwarebytes again and it is back. I have done this multiple times and neither Malwarebytes nor Norton can find it in the registry or remove it. How do I get rid of this malware instance? Thanks, Joe
  15. When I open chrome, it goes to a yahoo search page that has the term spigot in it. My lastpass browser extension also fails to load. dds.txt attach.txt
  16. Malware is redirecting Firefox to www.searchnu.com/406. I have attached a screen shot showing the redirect. Neither F-Secure nor Malwarebytes has removed this problem. Please advise on what to do. There is little online about this issue and most sites discussing it seem to be fraudulent. Ran DDS, but only one file was created, which I have attached. Please assist. DDS.txt
  17. Hi Forum, I hate to re-post but it looks like I might have fallen through the cracks. I am still dealing with the issues listed in my previous post from two weeks ago. http://forums.malwarebytes.org/index.php?showtopic=103716&hl=&fromsearch=1 In short, I have a browser hijack / Google redirect malware issue, Malwarebytes is notifying me of blocking outgoing contact to malicious websites, and while this is occurring I have high memory usage and a very slow system. Running Malwarebytes (even in safe mode) does not solve these issues. After reading around the forum I am wondering if I might have a rootkit issue - I am at a loss on how to proceed but I don't want to start tinkering until I get some info from an experienced advisor. I really appreciate any help someone can provide!
      ----------------------------------------------
      Malwarebytes Anti-Malware 1.60.0.1800
      www.malwarebytes.org
      Database version: v2012.01.02.05
      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 7.0.5730.11
      1/2/2012 8:54:59 PM
      mbam-log-2012-01-02 (20-54-59).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 204701
      Time elapsed: 32 minute(s), 30 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)
      ----------------------------------------------
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 7.0.5730.11
      BrowserJavaVersion: 1.6.0_30
      Run at 12:21:01 on 2012-01-03
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.320 [GMT -5:00]