Search the Community

Showing results for tags 'hijacked'.

Found 18 results

  1. My computer appears to have been affected by a horrible case of fileless malware, enabling RDP services which may have installed a Clover Bootloader, Android emulation Hyper driver, as well as phpmailer. Those are just what I saw from the browsing history. I cannot enable IPv4 DNS to communicate directly with the router. Each time I install any kind of software it spawns more processes and embeds itself further into the OS. I believe there is a reverse proxy that’s routing it somewhere, I just can’t figure out what rules are causing it. The issue is very persistent, and whatever malicious toolset was used was used on two previous PCs and rendered them inoperable. The PC being used now is three or so weeks old, and is on its second Windows install. Recovery will not work and resetting does not work. The good news, if there is any, is that the file dates on this are the same as the initial set from last year so whatever is going on has not been updated since then. There are a lot of PowerShell manifest files on the C drive, various installed programs without installation files, and the /fixboot operation does not work. The Dism.exe seems to exacerbate the problem, as well as SFC. I’ve tried to update the drivers from the manufacturer’s site, but they don’t seem to be able to coexist with whatever (software or hardware emulation?) is already installed and operating on the PC. It also appears to be grabbing other devices locally close by that aren’t on the LAN like the phone, TV, MacBook, etc. Accounts created and logged into the past few weeks have had settings changed, so there’s a keylogger as well. It looks like it started with a DLL hijack/proxy, then privilege escalation. The easy answer is obviously to wipe the machine, but I’ve tried that with a Windows USB. It doesn’t remove everything completely. It still uses the drivers and many of the programs from the previous version. It also maintains the Registry, which is likely the root cause.
It’s pretty overwhelming, and I’m not sure where to start. Malwarebytes antivirus kicks up the CPU usage to 100%, especially when scanning the registry. It never finds anything, though. Thanks in advance for the assistance!
  2. Hello, our Community Project at hxxps://popupdb.org is being flagged as hijacked. This is not true. The Project tracks down malicious scam websites, which are used to run Microsoft Telephone Scams, and has no malicious intentions. Sincerely, Admin of PopupDB
  3. So about a week ago I somehow got a virus. First I just went around directories like the program files and appdata. I found a few viruses and adware and deleted them manually. I then decided to run Malwarebytes and it found a ton of viruses including a browser hijacker (yeabest.cc). I quarantined and removed all the files, but then a day later I launched Google Chrome and it was redirected to Yeabest.cc again. I tried resetting and redownloading Chrome, but nothing worked. I ran Malwarebytes and it found a new bunch of viruses which I deleted. I later found out that the Yeabest.cc browser hijacker had changed the destination path for Google Chrome to run another program which started the yeabest.cc page. I removed the extension but it came back to the file after about 20 minutes. After that I have run Malwarebytes upwards of 15 times in a few days. Yesterday when the program asked me to restart the computer I did so, but when Windows loaded again, it got stuck on the loading screen of Windows. I've restarted the PC many times, changed boot options and reset the BIOS settings. Nothing seems to help, and I can't even get into the normal BIOS recovery page as my motherboard has some fancy UEFI BIOS that makes it so that when pressing F8 or F5 during startup, it just goes into the UEFI BIOS... I'm contemplating just buying a new SSD and reinstalling Windows, but it would be a very sad situation to have to throw out a lot of my work. I'd love to send some log files, but as I cannot access the PC, that won't be possible. The system is a rather high-end desktop PC with multiple drives. Thank you very much in advance for the assistance
  4. Currently running Malwarebytes Premium (latest update) and trial of Anti-Exploit. It was my understanding that they run side-by-side. Recently installed freeware software. I am careful to read each box along the installation path. I never agree to install additional options. Next time I opened IE 11, I was greeted by a different home page than my usual Google.com. It was Trustedsurf.com. Checked my browser startup page, which was still set on Google. Cleaned temp files, restarted and same thing happened. Checked and Firefox, the same. Did a full scan with Malwarebytes, which came up with ZERO. Apparently, Malwarebytes is blind to the fact that there is a hijacker on my machine. Anti-Exploit is also blind that there has been a change to two of the products it is supposed to protect and monitor. Any ideas on this as to why both products are not seeing this hijack? Thanks
  5. Hi, I opened my browser and it was infected or hijacked by another page called delta homes. I have Windows 8. I restored it to another date and it disappeared but appeared later. I read some place to use Malwarebytes, I did, I deleted every PUP that appeared, I didn't know which were the PUPs that were doing the damage. I guess I did something and screwed it up because now I click on IE and it says that something modified, changed or something happened to the program. I used Malwarebytes twice because where it mentioned to use it said to use it twice. I will paste the log information below, please help, and just to mention I'm not totally sure delta homes is gone. I managed to open the IE page using the Run dialog box, then I managed to leave an address option in the toolbars. I've never seen this option before but that's how I get to IE and use the web. So IE is still functioning, but I can't find the regular icon like before. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 22/07/2015 Scan Time: 10:28 a.m.
Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.0.0_0\uuid.js, Quarantined, [2e9e0bd90882ec4aa368af53b350728e], PUP.Optional.Crossbrowse.C, C:\Users\Novella pc\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.0.0_0\similar\jquery.base64.js, Quarantined, [2e9e0bd90882ec4aa368af53b350728e], PUP.Optional.Crossbrowse.C, C:\Users\Novella pc\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.0.0_0\similar\similar_tr.js, Quarantined, [2e9e0bd90882ec4aa368af53b350728e], PUP.Optional.Crossbrowse.C, C:\Users\Novella pc\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\craw_background.js, Quarantined, [2e9e0bd90882ec4aa368af53b350728e], PUP.Optional.Crossbrowse.C, C:\Users\Novella pc\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\craw_window.js, Quarantined, [2e9e0bd90882ec4aa368af53b350728e], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\BrowerWatchCH.dll, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\BrowerWatchFF.dll, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\BrowserAction.dll, Delete-on-Reboot, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\CmdShell.exe, Delete-on-Reboot, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\conf, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\defsearchp@gmail.com!1.0.0.1039.xpi, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\HPNotify.exe, Delete-on-Reboot, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\IeWatchDog.dll, Delete-on-Reboot, [705c42a2b3d7a3933dae32d311f247b9], 
PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\install.data, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\msvcp110.dll, Delete-on-Reboot, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\msvcr110.dll, Delete-on-Reboot, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\searchProvider.xml, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\uninstall.exe, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\about.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\about_bk.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\btn.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\btn_apply.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\close.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\conf.xml, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\conf_back.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\input_bk.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\logo.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\main.xml, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\radio_1.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\radio_2.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program 
Files\MiuiTab\skin\rigth_arrow.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\skin\settings.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\data.html, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\indexIE.html, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\indexIE8.html, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\main.css, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\img\google_trends.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\img\icon128.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\img\icon16.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\img\icon48.png, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\img\loading.gif, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\img\logo32.ico, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\js\common.js, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\js\ga.js, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\js\jquery-1.11.0.min.js, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\js\jquery.autocomplete.js, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\js\jquery.xdomainrequest.min.js, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], 
PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\js\js.js, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\js\library.js, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\js\xagainit-ie8.js, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\js\xagainit2.0.js, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\js\xdomain.min.js, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\en-US\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\es-419\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\es-ES\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\fr-BE\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\fr-CA\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\fr-CH\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\fr-FR\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\fr-LU\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\it-CH\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\it-IT\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\pl\messages.json, 
Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\pt\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\pt-BR\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\ru\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\ru-MO\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\tr-TR\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\vi-VI\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\zh-CN\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], PUP.Optional.MiuiTab.A, C:\Program Files\MiuiTab\web\_locales\zh-TW\messages.json, Quarantined, [705c42a2b3d7a3933dae32d311f247b9], Physical Sectors: 0 (No malicious items detected) (end) ---------------------------------------- Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 22/07/2015 Scan Time: 10:47 a.m. 
Logfile: mal2.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.07.22.04
Rootkit Database: v2015.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8
CPU: x86
File System: NTFS
User: Novella pc
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301021
Time Elapsed: 9 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.HighDefAction.A, HKLM\SOFTWARE\HIGHDEFACTION, Quarantined, [725a3aaa8802999db1e5dcb96c985ca4],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
  6. See attached files from running Farbar Recovery Scan Tool. After several scans and removing a rootkit, I still have all browsers hijacked. Thanks for your help. Addition.txt FRST.txt
  7. Hi, some weeks ago I found out about Malwarebytes. I downloaded it on my computer and ran it, and it deleted some things and everything is fine. But when my friend downloaded it and scanned, it kept on spamming the computer with messages that Malwarebytes had blocked "PUP.optional.websock.hijacked" and the path to where it was. Then he was going to check something on Chrome but it only showed "reload", then it displayed the message with the PUP.optional.websock.hijack again and that it was missing. So I went to the Malwarebytes log and found the PUP.optional and tried to retrieve the file, but a message came up saying that the program the file was in is being used. I have closed everything but it still won't work! I have looked in the forums for an answer, but all of them need some kind of program that he doesn't have, and he can't download anything because of no Internet (it is connected but can't use the Internet). He has Windows 8 and I have 7, BTW. Sorry for a big question. Plz help!! Benjamin
  8. I have a problem that is not caught by MB: whenever I use the keyboard shortcut "Control+Enter" to finish a URL address entry (for example, if I type in "zellow" at the URL address bar, then "Control+Enter" should normally give me the complete ".com" URL and get me to the zellow site), it directs Internet Explorer to a web page displaying "Window virus warning, contact emergency virus support now. 1-844-226-2344". This web page cannot be closed, and it keeps making a beeping sound. Suspecting this might be a scam, I rebooted my system, ran all the malware/anti-virus software I had and updated Windows 7 with the latest updates. Making sure my computer was clean, I repeated entering a URL address such as "zellow" followed by "Ctrl+Enter", and found that the problem persisted. This time I used the Task Manager to kill the process and restarted IE - this got rid of the annoying pop-up and beeping virus warning. But then I can no longer use Ctrl+Enter as a keyboard shortcut to complete URL address entry, which is annoying. How do I get rid of this problem of "Hijacked keyboard shortcut for url address bar"? Thanks in advance for any help I can get.
  9. SafeSearch got downloaded covertly when I was downloading a program from the internet, and now when I open IE it opens to SafeSearch's page instead of the homepage I have set in Tools>Internet Options. It overrides it. I have tried every removal program suggested on the internet and none work. Malwarebytes was one of the programs recommended, but I already had Malwarebytes Pro and it doesn't even recognize it, much less get rid of it. How can I get my browser's settings back? I have Win 7 Home Premium, Sp1 and IE 11.
  10. My homepages on IE8, Mozilla Firefox and Google have all been hijacked by Key Find. I ran the latest Malwarebytes and removed 247 items but now these homepages are hijacked. I have XP. Can someone help me?? Thanks.
  11. I have been hacked into for years. Am not able to locate the person, & have had a number of PCs ruined. Was told who was doing it but don't know if it's the same person now. Virus definitions do not stop this person.
  12. This is happening so I thought it might be a hijack or I don't know. Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 10:08:10 PM, on 28/06/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16611) FIREFOX: 21.0 (en-US) Boot mode: Normal
Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 18380 bytes
  13. My computer was hijacked by the Moneypak virus. After killing processes from another user account I have on the computer and then running Malwarebytes and TDSSKiller I can remove the files but they (and the virus) have been coming back as soon as I reboot even though all say there is no virus left on the computer. Also, Malwarebytes has protection disabled and I can not get it to enable again. I used System Mechanic and msconfig to stop the autostarts and to be able to post here. Thanks in advance for any help you can give me. Here are the requested cut/paste files from DDS.com per the AdvancedSetup topic:
  14. Hello Tech Experts, Would someone please review my log and tell me what is happening to my computer? I have had various issues and unrecognized files, computer responding strangely, often flashing, programs installed I don't recognize. I'm running OS Win 7. I've tried various antivirus and malware protection software, but I don't recognize these logs. I researched and found Malware Defender, as I believe someone may be keylogging or hacking my information. Can anyone help? I have attached the log; it is from Malware Defender, as it was reviewed as noticing others accessing your network as well. I have Comodo Anti-Virus and Spybot. I was told to turn Windows Firewall off if I have enabled Comodo firewall. How can I tell if someone is hacking my network and information? Do I have a virus? How can I fix this? Thank you so much in advance. The attachment is Microsoft Word, entitled "My Stuff".
  15. Dear Helpers, I hope you will be able to help sort me out quickly. I'm on a different PC now as I can't access your site otherwise. Yesterday, random radio sounds were playing out of the speakers every 20 minutes or so. I normally use Microsoft Security Essentials. I checked it, and the service was not even started for some reason. I started it and did a scan. Items were found and removed. Then I did a Malwarebytes quick scan and removed about 20 items, some upon restart. Now after restart it is even worse. I can't even visit your website. It goes to a fake 'Google' site that says "404 That's an Error, that's all we know" with a picture of a robot. I've tried Chrome, Firefox, and IE. And I tried reinstalling FF and Chrome as well. Also, I went to Facebook and they tried to start a form where I had to enter my credit card info for "security purposes". I know this is fake. What can I do without losing the data on the computer? Thank you! Attach.txt DDS.txt
  16. Hello, I have just purchased the PRO version of your software and have run the Flash scan and the quick scan. Nothing is found. But since Wednesday my browser is being hijacked and my computer speed is VERY SLOW. Do you have any suggestions? I have also called McAfee and had their technicians do a remote log in, and they worked for about 45 minutes yesterday and told me there is nothing on my computer. All browsers, Chrome and Firefox, will redirect when I click on anything other than a PPC style ad. Can you please help me?
  17. I'm not an AOL customer and never agreed to any AOL products, but somehow my homepage and browser were changed. I deleted AOL from browser options and selected Google, and that works. However, when I go to an address I want as my homepage and go to the House on the right, it says http://www.aol.com/?...usaolp00000015. It just will take me to that page and not let me change it at all. I ran a quick scan with the updated Malwarebytes and found 0 issues. I attached the homepage source because it was too long for the post. I really appreciate the help!! Thanks, K
  18. I know things are being changed on my computer, please help me analyze this.
2012-02-22 10:42:39 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-08 03:24:51 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2012-01-08 13:58:27 0 ----a-w- C:\Windows\ativpsrm.bin 2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll 2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll 2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 3:42:30.06 =============== DDS.txt hijackthis.log