Showing results for tags 'dds'.

Found 16 results

  1. Hello everyone, Newbie here.. So I originally installed the free version of Malwarebytes because I've been having an issue obviously with some form of malware installed on my computer, duh. I came to the exact same conclusion where I could not log in to my profile unless it was under safe mode so I restored the computer to a previous point where Malwarebytes was not installed and everything was back to normal. The definition of normal being that everything worked correctly including my sneaky ninja @$$hole malware buddy still lurking in the shadows and popping up random ads whenever it so pleased. So then I read somewhere on this forum that it is much easier to get support if I just went PRO. Long story short, here I am. I'm back with the exact same problem except this time I have proof of ownership and hopefully someone here can help me actually get back into my computer! As I read on the "I'm infected - What do I do now?" page, I downloaded both of the DDS files and here they are..
Alright, I think that covers everything up. Thank you in advance for your help. James
  2. I ran a Malwarebytes quick scan and the log shows two infections. I then ran a DDS but I am not certain how to read them. Attached are the reports. Am I still infected? Do I need to do anything? Thank you. Attachments: dds.txt, mbam-log-2014-01-02 (19-13-16).txt, attach.txt
  3. I performed a scan on my computer and it returned 2 entries Folders Detected: 2 C:\Users\Jocelyn\AppData\Local\Temp\ct2704262 (PUP.Optional.Conduit.A) -> No action taken. C:\Users\Jocelyn\AppData\Local\Temp\ct2704262\xpi (PUP.Optional.Conduit.A) -> No action taken. After searching around, I found that this had been reported before but that there were no pinned resolutions so I thought it best to request advice. Gringo had previously replied requesting logs of dds and attach. I have copied these both below to speed up the help process. I am following this topic. Thanks
Visio 2010 (KB2810068) 64-Bit Edition Service Pack 3 for SQL Server 2008 (KB2546951) Skype™ 6.6 Sql Server Customer Experience Improvement Program Stata 11 swMSM Symantec Endpoint Protection System Update TagScanner 5.1.625 ThinkPad Bluetooth with Enhanced Data Rate Software ThinkPad FullScreen Magnifier ThinkPad Power Management Driver ThinkPad Power Manager ThinkPad UltraNav Driver ThinkPad UltraNav Utility ThinkPad Wireless LAN Adapter Software ThinkVantage Access Connections ThinkVantage Active Protection System ThinkVantage Communications Utility Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition 
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition VIP Access VLC media player 2.0.5 Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) Windows Driver Package - Intel System (09/10/2010 9.2.0.1011) Windows Driver Package - Intel System (11/20/2010 9.2.0.1016) Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021) Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) Windows Driver Package - Ricoh Company SD Host Controller (03/23/2011 6.10.10.30) Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinPcap 4.1.2 WinZip 14.0 . ==== Event Viewer Messages From Past Week ======== . 29/11/2013 11:45:46, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SDRSVC service. 28/11/2013 11:45:59, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s). 
28/11/2013 03:34:04, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service. 27/11/2013 11:33:15, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{2C328087-19A6-4A13-8C94-BC9656B25963} because another computer on the network has the same name. The server could not start. 27/11/2013 09:46:42, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 27/11/2013 00:27:30, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 27/11/2013 00:27:02, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec AntiVirus service. 27/11/2013 00:26:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 26/11/2013 08:39:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Lenovo.VIRTSCRLSVC service. 02/12/2013 00:53:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect. 01/12/2013 12:44:41, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.74. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. . ==== End Of File ===========================
  4. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16514 BrowserJavaVersion: 1.6.0_26 Run by Jonny Marmotte at 22:22:10 on 2013-10-29 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.33.1033.18.2939.1452 [GMT 1:00] . AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5} SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\TAMSvr.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\SLsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Windows\system32\crypserv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe C:\Windows\system32\lxebcoms.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Toshiba TEMPRO\TempoSVC.exe C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe C:\Program 
Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\TrueSuite Access Manager\FpNotifier.exe C:\Program Files\TrueSuite Access Manager\usbnotify.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Windows\system32\igfxext.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe C:\Windows\system32\taskeng.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Windows\system32\Taskmgr.exe C:\Users\Jonny Marmotte\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\System32\mobsync.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs 
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uURLSearchHooks: Search Class: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - uURLSearchHooks: {ef79f67a-6ad7-4715-a0f8-932fca442023} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [TOSCDSPD] TOSCDSPD.EXE uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [iBP] <no file> mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [NDSTray.exe] NDSTray.exe mRun: [cfFncEnabler.exe] cfFncEnabler.exe mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE mRun: [HSON] 
c:\program files\toshiba\tbs\HSON.exe mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe mRun: [FingerPrintNotifer] c:\program files\truesuite access manager\FpNotifier.exe mRun: [usbMonitor] c:\program files\truesuite access manager\usbnotify.exe mRun: [PwdBank] c:\program files\truesuite access manager\PwdBank.exe mRun: [skytel] Skytel.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [lxebmon.exe] "c:\program files\lexmark pro200-s500 series\lxebmon.exe" mRun: [EzPrint] "c:\program files\lexmark pro200-s500 series\ezprint.exe" mRun: [Lexmark Pro200-S500 Series Fax Server] "c:\program files\lexmark pro200-s500 series\fm3032.exe" /s mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\users\jonnym~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jonny marmotte\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\jonnym~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\users\jonnym~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe StartupFolder: 
c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: DisableCAD = dword:1 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.1 TCP: Interfaces\{5E719B83-4D23-4900-B564-9E1F7E8D64D3} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{936524A3-4DBD-48FE-8F48-F8169B0DD9A4} : DHCPNameServer = 192.168.10.110 TCP: Interfaces\{FE985572-2FDF-4D45-99D2-D4F8B89B278A} : DHCPNameServer = 192.168.10.110 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: igfxcui - igfxdev.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\jonny marmotte\appdata\roaming\mozilla\firefox\profiles\qyq5zvd7.default\ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\users\jonny marmotte\appdata\roaming\mozilla\firefox\profiles\qyq5zvd7.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll . ============= SERVICES / DRIVERS =============== . R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-3-14 42608] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792] R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-5-12 223864] R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-7-1 7168] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-4 112128] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432] S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2010-7-26 28224] . =============== Created Last 30 ================ . 
2013-10-29 16:27:35 -------- d-----w- c:\programdata\Malwarebytes 2013-10-29 16:27:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-10-29 16:27:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-10-29 07:51:29 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{da1e2ae2-dc33-4443-831e-f27795f63216}\mpengine.dll 2013-10-26 01:23:12 -------- d-----w- c:\program files\iPod 2013-10-26 01:23:09 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-10-26 01:23:08 -------- d-----w- c:\program files\iTunes 2013-10-13 09:57:02 -------- d-----w- c:\users\jonny marmotte\appdata\local\ABBYY 2013-10-08 22:25:15 2050048 ----a-w- c:\windows\system32\win32k.sys 2013-10-08 22:25:12 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-10-08 22:25:12 6016 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-10-08 22:25:12 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-10-08 22:25:11 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-10-08 22:25:11 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-10-08 22:25:11 226304 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-10-08 22:25:10 293376 ----a-w- c:\windows\system32\atmfd.dll 2013-10-08 22:25:09 34304 ----a-w- c:\windows\system32\atmlib.dll 2013-10-08 22:25:07 532480 ----a-w- c:\windows\system32\comctl32.dll 2013-10-01 08:17:18 21527448 ----a-w- c:\program files\mozilla firefox\xul.dll . ==================== Find3M ==================== . 
2013-10-10 12:54:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-10-10 12:54:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-03 12:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll 2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll 2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll 2013-08-27 01:28:36 1069056 ----a-w- c:\windows\system32\DWrite.dll 2013-08-27 01:28:35 798208 ----a-w- c:\windows\system32\FntCache.dll 2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-08-01 03:16:32 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-08-01 02:49:15 37376 ----a-w- c:\windows\system32\cdd.dll . ============= FINISH: 22:23:24,18 ===============
  5. Note: This is a copy/paste job with some modifications. I tried inquiring about this on BleepingComputer - got 1 reply and no help. Saw you guys gave a better response to another with a similar problem. Hello there - I'm new, and I'm currently trying to fix my mother's computer. Ok, here we go..... My mother ended up having DNSbasic and other crud on her computer (she likes games). I managed to clear that out using Norton, SAS, and Malwarebytes. I also deleted some program folders and registry entries manually in safe mode (I know - big NO-NO). Anyway, I ended up with clean scans of health, and the computer and its browsers (at least Firefox) were working great - fast connections, no pop-ups, no nothing. I then decided to be more thorough and try to do a "hijack this!" kind of post on another tech site just to make sure I need nothing further (like a recovery console repair). I downloaded the DDS.scr and gmer files (following Tech Support forum's instructions). Disabled my Norton 360 per instructions and decided to "disable radio" on my wifi. Ran the scan and it seemed to work, but then it froze. No action whatsoever from the computer. I waited 5 min. or so and then decided to just cut the computer off - no proper shutdown. I had no other choice. Neither Ctrl+Alt+Del nor anything else was working. When I restarted the computer, the startup was a little slower - like there were more processes going on. But it started well enough, and I tried running it again. Same problem, same solution. I cut the computer back on (start up was slow again, but not any slower than before), logged back on, and moved on to the gmer file. That went just fine. Once done, I then decided to download the DDS.com DOS program from the BleepingComputer site. Same problem occurred, and once again I just shut off the computer. This time when I cut it back on, it was VEEEERY slow at start-up (5 min. or so I waited). 
I then became concerned that I screwed up the OS since it seemed to continue to process, but didn't start up. So I cut it off while still "loading", and cut it back on again. It then prompted me that Windows didn't shut down properly........safe mode option. I clicked the safe mode option, and it was still slow to load, but at least it loaded. Deleted the dds program I downloaded, and restarted the computer - properly. Slow to start again in regular mode, but it did finally start up. Everything was VEEERY slow to load upon start-up. Downloaded the OTC program found on BleepingComputer, and it didn't do much good. I'm now here asking for help. I'm very sorry for this long post, but I'm hoping that a more thorough post would return an even quicker response. Thank you all for your time. And 'system restore' has been disabled since battling this, so that's not an option.
  6. Hello, I had been running the free version. After each scan in the last few days I kept getting a trojan agent ED, so I came here looking for help and followed the instructions in "infected what do i do now"... bought the pro version, ran it... did the DDS and the attach; now I am here. I have several questions. I do not want to bog down forums... so I am still following instructions to copy and paste the two logs here... I hope this is right... no, it says not to post unless specifically instructed.... Am I to run the MBPro on all users? How do I know if I have fixed the problem? What is a fake positive? If I bought the pro version, should I be going through email support? Last but not least, the last two days before all this I made sure I was offline when I left the house; when I came back it was online again. WTheck???? Please help. Thanks, Deb
  7. Hello, hoping that maybe you can help with the virus that I have on my laptop..apparently it is the win32/olmarik trojan. I have pasted the dds logs below. Thank you!!! DDS (Ver_2012-10-14.05) - NTFS_AMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.7.0_05 Run by Kimberly at 19:59:27 on 2012-10-16 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.1562 [GMT -4:00] . AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe C:\Program Files (x86)\Microsoft Application 
Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Kimberly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Kimberly\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\cscript.exe
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://search.coupons.com/
uProxyServer = 172.16.6.21:8080
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uURLSearchHooks: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - <orphaned>
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEToolbarBHO Class: {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Program Files (x86)\LinkedIn\IE Toolbar\3.2.7.1002\LinkedInIEToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: LinkedIn Toolbar: {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files (x86)\LinkedIn\IE Toolbar\3.2.7.1002\LinkedInIEToolbar.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -
TB: LinkedIn Toolbar: {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files (x86)\LinkedIn\IE Toolbar\3.2.7.1002\LinkedInIEToolbar.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -
EB: LinkedIn Toolbar: {85E0B171-04FA-11d1-B7DA-00A0C90348D6} - C:\Program Files (x86)\LinkedIn\IE Toolbar\3.2.7.1002\LinkedInIEToolbar.dll
uRun: [Google Update] "C:\Users\Kimberly\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\Kimberly\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [spotify Web Helper] "C:\Users\Kimberly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Video Performer63600.exe] "C:\Users\Kimberly\AppData\Local\Temp\Video Performer63600.exe" /XML="C:\Users\Kimberly\AppData\Local\Temp\E792.tmp" /STP=1:2
uRun: [faFFsXjutnotyHb.exe] C:\ProgramData\faFFsXjutnotyHb.exe
uRun: [7WqjYSLdtSb5EQ] C:\ProgramData\7WqjYSLdtSb5EQ.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Kimberly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{A1DC8AFD-E411-41F9-B5BF-DCA834E245C0} : NameServer = 216.146.35.240,216.146.36.240,209.18.47.61,209.18.47.62
TCP: Interfaces\{A1DC8AFD-E411-41F9-B5BF-DCA834E245C0} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{A1DC8AFD-E411-41F9-B5BF-DCA834E245C0}\843736F64747D616E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A1DC8AFD-E411-41F9-B5BF-DCA834E245C0}\B494140214365627 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\h4kcyrh5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110803&tt=031012_IKAN_4012_6&babsrc=HP_ss&mntrId=b4b799a8000000000000c0cb381cadf8
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10011&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Kimberly\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kimberly\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kimberly\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b4b799a8000000000000c0cb381cadf8&q=
FF - user.js: extensions.BabylonToolbar.id - b4b799a8000000000000c0cb381cadf8
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15618
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.719:56:17
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-26 55280]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-26 98208]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe [2010-11-5 81920]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-16 399432]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-1-27 226624]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-24 1153368]
R2 Sendoriv1;Sendoriv1;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-9-26 118632]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-26 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-10-26 20984]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-8-21 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-26 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-26 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-10-26 74280]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-27 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-24 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-2-10 36256]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-10-26 53800]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-26 35104]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-4-2 21712]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-2 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-27 136176]
S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.1;C:\Windows\System32\drivers\libusb0.sys [2011-12-7 43456]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2010-12-3 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2010-1-25 10240]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-13 114144]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-26 245792]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-2-10 125344]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-2-10 16800]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-2-10 159136]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-26 1692480]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-16 23:19:02 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5926BD0F-E37A-44C1-9059-AB460D83E668}\offreg.dll
2012-10-16 23:17:43 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5926BD0F-E37A-44C1-9059-AB460D83E668}\mpengine.dll
2012-10-16 01:24:06 -------- dc----w- C:\Users\Kimberly\AppData\Roaming\ESET
2012-10-15 21:00:16 -------- dc-h--w- C:\Users\Kimberly\AppData\Local\ESET
2012-10-15 20:55:17 -------- dc----w- C:\Program Files\ESET
2012-10-15 17:12:35 350208 -c-ha-w- C:\ProgramData\gwpVosj6PC7hTy.exe
2012-10-11 23:42:11 -------- dc-h--w- C:\Users\Kimberly\AppData\Local\{C384DB0A-E87F-4B77-857B-89E6A2B92324}
2012-10-11 19:36:04 -------- dc-h--w- C:\Users\Kimberly\AppData\Local\{F8187FC9-F980-4B57-8DF3-513C4420E57B}
2012-10-11 19:35:42 -------- dc-h--w- C:\Users\Kimberly\AppData\Local\{F78DD1EE-BF38-4561-9706-C198974EF9C4}
2012-10-10 16:43:26 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 16:43:22 5473136 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-10 16:43:20 3971440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 16:43:20 3915632 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-08 15:23:55 -------- dc----w- C:\Windows\SysWow64\Adobe
2012-10-06 16:27:58 -------- dc----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-10-05 23:58:23 -------- dc-h--w- C:\ProgramData\Symantec
2012-10-05 23:58:16 -------- dc----w- C:\Windows\System32\drivers\NSSx64\0307020.005
2012-10-05 23:58:16 -------- dc----w- C:\Windows\System32\drivers\NSSx64
2012-10-05 23:58:16 -------- dc----w- C:\Program Files (x86)\Norton Security Scan
2012-10-05 23:58:15 -------- dc-h--w- C:\ProgramData\Norton
2012-10-05 23:58:14 -------- dc-h--w- C:\ProgramData\NortonInstaller
2012-10-05 23:57:00 278528 -c--a-w- C:\Windows\SYCLicense_100811.dll
2012-10-05 23:56:02 -------- dc-h--w- C:\ProgramData\Babylon
2012-10-05 23:56:01 -------- dc----w- C:\Program Files (x86)\Sendori
2012-09-25 23:31:59 73696 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-17 18:03:09 -------- dc-h--w- C:\ProgramData\7531CC92E235EE8F53C029AF4F147CE7
.
==================== Find3M ====================
.
2012-10-11 07:03:24 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-11 07:03:24 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-11 07:02:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-11 07:02:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-11 07:02:25 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-11 07:02:25 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-11 07:02:00 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-11 07:02:00 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-11 07:02:00 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-11 07:02:00 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-11 07:02:00 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-11 07:01:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-09-25 07:02:36 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-09-25 07:02:36 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-09-25 07:02:36 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-09-25 07:02:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-09-25 07:02:36 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-09-25 07:02:36 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-09-25 07:02:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-09-25 07:02:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-25 07:02:35 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-09-25 07:02:35 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-09-25 07:02:35 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-09-25 07:02:34 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-09-13 07:05:12 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 07:05:12 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-08-16 07:07:26 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-16 07:07:26 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-16 07:06:47 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-16 07:06:47 67584 ----a-w- C:\Windows\splwow64.exe
2012-08-16 07:06:47 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-16 07:06:47 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-16 07:04:36 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-08-16 07:04:36 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-16 07:04:36 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-16 07:04:32 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-08-16 07:04:25 956416 ----a-w- C:\Windows\System32\localspl.dll
2012-08-05 20:58:55 499712 -c--a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-05 20:58:55 348160 -c--a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-24 12:00:51 70344 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 12:00:51 426184 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 20:02:37.26 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/2/2010 9:05:42 PM
System Uptime: 10/16/2012 7:13:27 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 08VFX1
Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | U2E1 | 1190/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 344.536 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: DW1501 Wireless-N WLAN Half-Mini Card
Device ID: PCI\VEN_14E4&DEV_4727&SUBSYS_00101028&REV_01\4&D0BBF38&0&00E1
Manufacturer: Broadcom
Name: DW1501 Wireless-N WLAN Half-Mini Card
PNP Device ID: PCI\VEN_14E4&DEV_4727&SUBSYS_00101028&REV_01\4&D0BBF38&0&00E1
Service: BCM43XX
.
==== System Restore Points ===================
.
RP570: 10/15/2012 3:44:14 PM - Windows Update
RP571: 10/15/2012 8:00:09 PM - Configured Microsoft Office Home and Business 2010
RP572: 10/15/2012 8:16:46 PM - Restore Operation
RP573: 10/16/2012 10:44:23 AM - Windows Update
RP574: 10/16/2012 10:59:09 AM - Configured Microsoft Office Home and Business 2010
RP575: 10/16/2012 12:40:08 PM - Windows Update
.
==== Installed Programs ====================== Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Adobe Shockwave Player 11.6 Advanced Audio FX Engine Amazon MP3 Downloader 1.0.12 Amazon MP3 Uploader Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Bitcoin Blue SyncRoid PC Client Bonjour Canon Easy-PhotoPrint EX Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MP Navigator EX 4.1 Canon MX360 series MP Drivers Canon MX360 series User Registration Canon My Printer Canon Solution Menu EX Canon Speed Dial Utility Cisco WebEx Meetings Citrix Presentation Server Client Consumer In-Home Service Agreement Cozi D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Edoc Viewer Dell Getting Started Guide Dell Support Center Dell Webcam Central DocuSign Ink Driver Performer 2010 DriverAgent by eSupport.com DriverBoost DW WLAN Card ESET Smart Security Facebook Messenger 2.1.4590.0 ffdshow [rev 2527] [2008-12-19] Free PDF to Word Doc Converter v1.1 Getting Things Done Outlook Add-In Google Chrome Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper GoToAssist 8.0.0.514 GoToMeeting 5.1.0.880 iLivid Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Turbo Boost Technology Monitor Internet TV for Windows Media Center iTunes J2SE Runtime Environment 5.0 Update 17 Java Auto Updater Java 6 Update 20 (64-bit) Java 7 Update 5 JavaFX 2.1.1 Jawbone Updater Junk Mail filter update LinkedIn Internet Explorer Toolbar LoJack Factory Installer Malwarebytes Anti-Malware version 1.65.0.1400 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 
Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Business 2010 Microsoft Office Home and Business 2010 - English Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MotoHelper 2.0.46 Driver 5.0.0 MotoHelper MergeModules MOTOROLA MEDIA LINK Motorola Mobile Drivers Installation 5.0.0 Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 14.0 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton Security Scan Quickset64 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High 
Definition Audio Driver RealUpgrade 1.1 Red Light Center Roxio Burn SAMSUNG Android USB Modem Software Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for 
Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Skype™ 5.10 SpeedFan (remove only) Spotify Spybot - Search & Destroy swMSM Synaptics Pointing Device Driver The VWW Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition WIDCOMM Bluetooth Software WildTangent Games Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger 
Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Center Add-in for Flash Yontoo 1.10.02
==== Event Viewer Messages From Past Week ========
.
10/9/2012 10:13:52 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Kimberly-PC\Kimberly SID (S-1-5-21-362643469-1654947797-1469674735-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/9/2012 10:13:51 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Kimberly-PC\Kimberly SID (S-1-5-21-362643469-1654947797-1469674735-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/16/2012 7:51:14 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WHITES-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A1DC8AFD-E411-41F9-B5BF-DCA834E245C0}. The master browser is stopping or an election is being forced.
10/16/2012 7:16:35 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
10/16/2012 7:16:35 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
10/16/2012 7:13:40 PM, Error: volmgr [45] - The system could not sucessfully load the crash dump driver.
10/16/2012 5:28:26 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/16/2012 5:28:24 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/16/2012 5:20:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/16/2012 5:20:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/16/2012 5:19:59 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
10/16/2012 5:19:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/16/2012 5:19:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/16/2012 5:19:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eamonm ehdrv spldr Wanarpv6
10/16/2012 5:19:40 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
10/16/2012 12:40:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Creative Technology Ltd. - Streaming Media and Broadcast - Creative Live! Camera.
10/16/2012 12:34:42 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.3 did not allow the name to be claimed by this computer.
10/15/2012 9:22:50 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/15/2012 8:26:42 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/15/2012 8:22:09 PM, Error: Service Control Manager [7000] - The Sendoriv1 service failed to start due to the following error: The system cannot find the file specified.
10/15/2012 3:53:59 PM, Error: Service Control Manager [7034] - The Sendoriv1 service terminated unexpectedly. It has done this 1 time(s).
10/15/2012 3:53:18 PM, Error: Service Control Manager [7000] - The Sendori service failed to start due to the following error: The system cannot find the file specified.
10/15/2012 1:18:23 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/15/2012 1:08:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2012 1:06:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/15/2012 1:06:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/15/2012 1:05:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/15/2012 1:05:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/15/2012 1:05:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/15/2012 1:05:18 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2012 1:05:18 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2012 1:05:18 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2012 1:05:18 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2012 1:05:18 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2012 1:05:18 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2012 1:05:18 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2012 1:05:18 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2012 1:05:18 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
  8. I have multiple computers infected with spyware.password and pup.crossfire.sa. Here is the dds and attach scripts from computer #1. I ran MWB, then ran dds, then uploaded scripts. 2nd computer coming soon. Here are the files in text format
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/17/2007 6:33:34 PM
System Uptime: 9/24/2012 6:57:05 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel® Core2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 458 GiB total, 389.422 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2288: 6/26/2012 5:55:35 PM - System Checkpoint
RP2289: 6/27/2012 6:55:40 PM - System Checkpoint
RP2290: 6/28/2012 7:03:23 PM - System Checkpoint
RP2291: 6/30/2012 11:19:16 AM - System Checkpoint
RP2292: 7/1/2012 7:02:11 PM - System Checkpoint
RP2293: 7/2/2012 9:51:32 PM - System Checkpoint
RP2294: 7/3/2012 11:11:43 PM - System Checkpoint
RP2295: 7/4/2012 11:15:04 PM - System Checkpoint
RP2296: 7/6/2012 12:12:10 AM - System Checkpoint
RP2297: 7/7/2012 2:52:07 AM - System Checkpoint
RP2298: 7/8/2012 3:15:07 AM - System Checkpoint
RP2299: 7/9/2012 4:15:09 AM - System Checkpoint
RP2300: 7/10/2012 7:38:24 AM - System Checkpoint
RP2301: 7/11/2012 6:21:54 PM - System Checkpoint
RP2302: 7/12/2012 7:00:25 AM - Software Distribution Service 3.0
RP2303: 7/13/2012 7:30:33 AM - System Checkpoint
RP2304: 7/14/2012 7:45:04 AM - System Checkpoint
RP2305: 7/15/2012 8:30:36 AM - System Checkpoint
RP2306: 7/16/2012 9:42:38 AM - System Checkpoint
RP2307: 7/17/2012 10:30:40 AM - System Checkpoint
RP2308: 7/18/2012 6:36:12 PM - System Checkpoint
RP2309: 7/19/2012 6:38:24 PM - System Checkpoint
RP2310: 7/20/2012 6:38:55 PM - System Checkpoint
RP2311: 7/21/2012 7:05:26 PM - System Checkpoint
RP2312: 7/22/2012 7:51:58 PM - System Checkpoint
RP2313: 7/23/2012 8:41:30 PM - System Checkpoint
RP2314: 7/24/2012 9:24:46 PM - System Checkpoint
RP2315: 7/25/2012 9:58:41 PM - System Checkpoint
RP2316: 7/26/2012 10:11:55 PM - System Checkpoint
RP2317: 7/28/2012 3:17:07 AM - System Checkpoint
RP2318: 7/29/2012 3:59:59 AM - System Checkpoint
RP2319: 7/30/2012 4:04:09 AM - System Checkpoint
RP2320: 7/31/2012 4:50:42 AM - System Checkpoint
RP2321: 8/1/2012 5:14:29 AM - System Checkpoint
RP2322: 8/2/2012 5:39:09 AM - System Checkpoint
RP2323: 8/3/2012 3:22:30 PM - System Checkpoint
RP2324: 8/4/2012 4:07:20 PM - System Checkpoint
RP2325: 8/6/2012 8:15:05 AM - System Checkpoint
RP2326: 8/7/2012 7:34:49 PM - System Checkpoint
RP2327: 8/8/2012 10:06:28 PM - System Checkpoint
RP2328: 8/9/2012 10:40:52 PM - System Checkpoint
RP2329: 8/11/2012 3:29:27 AM - System Checkpoint
RP2330: 8/12/2012 8:55:38 AM - System Checkpoint
RP2331: 8/13/2012 6:01:26 PM - System Checkpoint
RP2332: 8/14/2012 6:46:39 AM - Printer Driver Amyuni Document Converter 400 Installed
RP2333: 8/15/2012 8:24:22 PM - System Checkpoint
RP2334: 8/16/2012 7:00:26 AM - Software Distribution Service 3.0
RP2335: 8/17/2012 7:43:48 AM - System Checkpoint
RP2336: 8/18/2012 8:43:39 AM - System Checkpoint
RP2337: 8/19/2012 9:43:34 AM - System Checkpoint
RP2338: 8/20/2012 10:43:30 AM - System Checkpoint
RP2339: 8/21/2012 11:43:25 AM - System Checkpoint
RP2340: 8/22/2012 6:30:19 PM - System Checkpoint
RP2341: 8/22/2012 6:46:24 PM - Installed DirectX
RP2342: 8/22/2012 10:02:59 PM - Printer Driver Amyuni Document Converter 400 Installed
RP2343: 8/22/2012 10:06:11 PM - Printer Driver Amyuni Document Converter 400 Installed
RP2344: 8/22/2012 10:06:52 PM - Printer Driver Amyuni Document Converter 400 Installed
RP2345: 8/23/2012 10:43:16 PM - System Checkpoint
RP2346: 8/25/2012 2:55:58 AM - System Checkpoint
RP2347: 8/26/2012 3:43:29 AM - System Checkpoint
RP2348: 8/27/2012 3:57:07 AM - System Checkpoint
RP2349: 8/28/2012 4:55:33 AM - System Checkpoint
RP2350: 8/29/2012 4:58:05 AM - System Checkpoint
RP2351: 8/30/2012 5:43:36 AM - System Checkpoint
RP2352: 8/31/2012 6:58:08 AM - System Checkpoint
RP2353: 9/1/2012 7:09:05 AM - System Checkpoint
RP2354: 9/2/2012 12:13:28 PM - System Checkpoint
RP2355: 9/3/2012 1:05:25 PM - System Checkpoint
RP2356: 9/4/2012 1:43:44 PM - System Checkpoint
RP2357: 9/5/2012 6:01:05 PM - System Checkpoint
RP2358: 9/6/2012 6:57:10 PM - System Checkpoint
RP2359: 9/7/2012 7:33:07 PM - System Checkpoint
RP2360: 9/9/2012 9:52:14 AM - System Checkpoint
RP2361: 9/10/2012 9:40:44 PM - System Checkpoint
RP2362: 9/11/2012 9:54:09 PM - System Checkpoint
RP2363: 9/12/2012 10:56:11 PM - System Checkpoint
RP2364: 9/13/2012 7:00:17 AM - Software Distribution Service 3.0
RP2365: 9/14/2012 9:29:44 AM - System Checkpoint
RP2366: 9/15/2012 3:54:18 PM - System Checkpoint
RP2367: 9/16/2012 4:29:45 PM - System Checkpoint
RP2368: 9/17/2012 6:45:42 PM - System Checkpoint
RP2369: 9/18/2012 7:29:49 PM - System Checkpoint
RP2370: 9/20/2012 7:48:31 AM - System Checkpoint
RP2371: 9/21/2012 7:58:10 AM - System Checkpoint
RP2372: 9/22/2012 1:34:56 PM - System Checkpoint
RP2373: 9/23/2012 7:00:15 AM - Software Distribution Service 3.0
RP2374: 9/23/2012 8:23:41 PM - Removed Java 6 Update 20
RP2375: 9/23/2012 8:24:04 PM - Installed Java 6 Update 35
.
==== Installed Programs ======================
.
Actiontec Gateway Adobe AIR Adobe Community Help Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Photoshop Elements 10 Adobe Photoshop.com Inspiration Browser Adobe Reader 9.5.2 Adobe Shockwave Player Advanced Decoder Patch AI RoboForm (All Users) aioprnt Amazon Games & Software Downloader Amazon MP3 Downloader 1.0.3 AnswerWorks 5.0 English Runtime AOLIcon Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Software Suite Bing Bar BL2003 Registration BlackBerry Desktop Software 6.0.2 Bonjour Broderbund Business Lawyer 2003 BUM C4USelfUpdater CCH Small Firm Services (xulRunner) CCScore Coupon Printer for Windows Creative MediaSource Creative Vado AAC Codec Creative Vado Effects Plugin Creative Vado HD Codec Creative Vado MP4 Reader Critical Update for Windows Media Player 11 (KB959772) CyberPower PowerPanel Personal Edition Data Doctor Recovery Memory Card 3.0.1.5 DeductionPro 2009 Dell CinePlayer Dell Driver Download Manager Dell Driver Download Manager - 1 Dell Driver Reset Tool Dell System Restore DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player Elements 10 Organizer EPSON Printer Software ESSBrwr ESSCDBK ESScore essentials ESSgui ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS essvatgt Facebook Plug-In Fences FormDocs 7.6.2 Google Chrome Google Desktop Google Earth Google Toolbar for Internet Explorer Google Update Helper Google Updater GoToMyPC H&R Block Business 2009 (Remove Only) H&R Block Business 2010 (Remove Only) H&R Block Business 2011 (Remove Only) H&R Block Montana 2009 H&R Block Montana 2010 H&R Block Montana 2011 H&R Block Premium + Efile + State 2009 H&R Block Premium + Efile + State 2010 H&R Block Premium + Efile + State 2011 High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix 
for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) IBM ViaVoice Gold Command Runtime, Version 4.3 Intel® Matrix Storage Manager Intel® PRO Network Connections iTunes Java Auto Updater Java 6 Update 35 kgcbase kgchday Kodak AIO Printer KODAK EASYSHARE Gallery Easy Upload, v2.0 Kodak EasyShare software ksDIP KSU Learn2 Player (Uninstall Only) Lernout & Hauspie TruVoice American English TTS Engine Let's Go Read - An Island Adventure LiveUpdate 3.0 (Symantec Corporation) Logitech Print Service Logitech QuickCam Software Logitech® Camera Driver Malwarebytes Anti-Malware version 1.65.0.1400 Maxtor Manager MetaFrame Presentation Server Client Micro Logic Info Select 2007 Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 1.0 Hotfix (KB2604042) Microsoft .NET Framework 1.0 Hotfix (KB2656378) Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.0 Hotfix (KB979904) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft LifeCam Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata 
MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser netbrdg nLite 1.4.9.1 Norton PC Checkup Notifier NVIDIA Drivers ocr OfotoXMI PC Study Bible 3.1 PCDADDIN PCDHELP Pdf995 (installed by H&R Block) PdfEdit995 (installed by H&R Block) PHOTOfunSTUDIO 6.5 BD Edition PreReq PSE10 STI Installer Qualxserve Service Agreement Quicken 2010 QuickTime Roxio DLA Roxio Express Labeler Roxio MyDVD Plus Roxio RecordNow Audio Roxio 
RecordNow Copy Roxio RecordNow Data Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit 
Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet 
Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for 
Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP 
  9. I recently had an attack on my Acer Aspire by a Trojan virus. After about three days I managed to gain internet access again and download the Malwarebytes program. It found several objects and I removed them. Unfortunately my computer still will not go back to its previous state. I was sure all my files were gone for good, but when I check my storage it seems everything is still there. I tried downloading the DDS program, but since everything is so jacked up I couldn't disable my malware to proceed through the process. Just for more information purposes, I have Windows 7, and when I log onto my computer, the background is black and I only have a few desktop icons, and my start menu is wiped out as well. So please help me save my baby
  10. Hello anyone who is willing to help, I have attached my DDS log. I have run ComboFix, Malwarebytes and then both of those again, and I am still getting redirected after typing a search in Google and clicking on results. Please let me know if you see anything in the log that is suspicious and if you have any ideas on removal. DDS did not return the attach.txt file. Thanks for your time. DDS.txt
  11. I was searching on Google yesterday when I started experiencing the Google Redirect Virus. I was able to pinpoint that it was Google when I went directly to the links that I wanted to go to in my URL bar instead of clicking on the link from Google. Shortly after that I had a pop-up for My Security Shield and my Internet Explorer displayed that the webpage (Google) was under a virus attack. I had never experienced either of these viruses, so I just clicked the X on the My Security Shield pop-up, intending to do a scan afterwards. Big mistake. My Security Shield infected my computer and made Windows Security Essentials unusable with Error code: 0x80070424. (Which as you probably know is the code for hijackware.) I hard-reset the computer and upon reboot My Security Shield was still active. I hard-reset again and this time I logged onto my other user. The other user appeared unaffected by My Security Shield except that Windows Security Essentials was still down. I then did some searching on the problem and followed the instructions at http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield I did not do Step 20 as I had to get up for work in 6 hours and didn't have the time to sit up doing another download and then a scan. Also, I am still running RKill every time I log onto the user that I was infected on. Now My Security Shield seems to be gone and Malwarebytes is detecting (and blocking) malicious websites. The following is a list of the websites detected so far. All of them are in IP format. 78.41.203.125 206.161.121.3 64.34.127.185 195.80.148.5 There was also a 77.something that I was unable to screen cap in time. I followed the instructions on the matter which were given by user BornSlippy at http://forums.malwarebytes.org/index.php?showtopic=111851 who directed me towards http://forums.malwarebytes.org/index.php?showtopic=9573 I followed the directions and ran DDS, and now I am posting my logs as instructed by Admin AdvancedSetup.
(I also read somewhere not to attach the files because if any real-time interaction happened between my computer and any of yours, it would be possible that my computer would infect any computers that interacted with mine.) Below this point are the pasted logs. LOGS TO BE POSTED AS NOTEPAD WON'T OPEN UNTIL I REBOOT.
  12. I have been infected with the Trojan.Dropper.BCMiner virus on my work computer. It happened a couple of weeks ago and I have noticed IE redirecting after the infection. I ran Malwarebytes from safe mode but the virus was not successfully cleaned. I have been reading about this virus and it seems that it may not be an easy one to get rid of yet. I have attached the DDS, Attach and mbam logs and would really appreciate any help with this issue. Thanks in advance. Attach.txt DDS.txt mbam-log-2012-08-08 (16-23-20).txt
  13. Hi, my PC is infected and I had already tried to run Hijack, but HijackThis is giving me an error. This is the message I have attached: HijackThis can't write to the host file. Anyway, the image is in the attachment. Can you please help? Thanks, Fraagje
  14. My MAM has informed me at intervals of less than a min that it "successfully blocked access to a potentially malicious website 178.238.233.156. Type: Outgoing, port: 51475, process: svchost.exe" I am so desperate for some help now because I tried some other antivirus programme already but they did not work. Thank you very much. Attach.txt DDS.txt
  15. Hi! My NOD32 scanned this threat but it says that it is unable to clean. So I scanned with Malwarebytes and also nothing happened. After all that I installed Microsoft Security Essentials and it cleaned it, but the virus shows up constantly. I have also saved my DDS and Attach files, so if you know where the problem is, please help me! Thank you! Attach.txt DDS.txt