Jump to content

Search the Community

Showing results for tags 'mystart'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 6 results

  1. The mystart incredibar is on both IE8 and Google Chrome. I don't want it.....it doesn't appear to be causing any problems, YET. I have run a Quick Scan twice. I installed Malwarebytes Pro tonight , ran the scan and it's still there. What's Next. ?
  2. Recently, my startup page was changed to 'http://www2.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp' After repeatedly trying to change my startup page and searching on google for solutions, i found out that my computer's infected. I recently downloaded 2 programmes, best video downloader - http://www.bestvideodownloader.com/ And paratelogic data recovery - http://paretologic-data-recovery.en.softonic.com/ I can't really remember which was the one that gave me this problem though. I've run scans with malwarebytes already but not malicious items have been found. I need help, please! Thank you!
  3. Help! So, I open up google chrome, and this weird application-esque thing called Incredibar kept harassing me. I googled around a bit, and I found about other people having the problem. I've deleted ALL the programs other people had problems with, and fixed the settings in chrome, but every time I open a new tab I'm still being redirecting to the Mystart page search engine thing (which is a really crappy search engine to be forced to use). Any assistance would be much appreciated. PS: I'm really clueless regarding things like coding of any sort, so dumbed-down instructions would be rad.
  4. Hi, hoping you can help me. It seems a search engine called "Mystart" has taken over Google Chrome and I can't get rid of it. DDS logs attached below. Thanks for your help! Nick . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Nick at 19:02:53 on 2012-05-22 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3710.2428 [GMT -4:00] . AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Kontiki\KService.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe C:\Program Files\Brownie\BrStsWnd.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\ehome\ehtray.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files\HP Connections\6811507\Program\HP Connections.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\ehome\ehmsas.exe C:\Windows\ehome\ehsched.exe C:\Windows\ehome\ehRecvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Brownie\brpjp04a.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\hp\kbd\kbd.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\mmc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://search.myheritage.com uInternet Settings,ProxyOverride = *.local uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KbdStub.EXE mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [CCUTRAYICON] FactoryMode mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [brdefprn] c:\program files\brother\brhl3070\Brdefprn.exe -d mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe StartupFolder: c:\users\nick\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe StartupFolder: c:\users\nick\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\users\nick\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2 StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {363D09D0-9D94-4880-86B2-7A8801920854} - hxxp://org-au.anytime-tv.com/anytime_au/cab/AnytimeAU_3_5_0_20.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://org-au.anytime-tv.com/anytime_au/cab/Entriq_3_7_0_2_Silent.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{5F936592-C249-46FD-BE32-76BD917395A6} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{B155EA8A-F1B9-4530-BEC3-170402C6D935} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\symds.sys [2012-5-19 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\symefa.sys [2012-5-19 905336] R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.0.9\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-19 821880] R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys [2012-5-19 132744] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.0.9\definitions\ipsdefs\20120518.002\IDSvix86.sys [2012-5-21 368248] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\ironx86.sys [2012-5-19 149624] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys [2012-5-19 345208] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-4 21504] R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccsvchst.exe [2012-5-19 138232] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592] R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-1-25 2831232] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-19 106104] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-17 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-8 116648] S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-2 257696] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-8 116648] S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-17 753504] . =============== Created Last 30 ================ . 2012-05-20 00:12:47 345208 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys 2012-05-20 00:12:47 318584 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symnets.sys 2012-05-20 00:12:46 905336 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symefa.sys 2012-05-20 00:12:46 574072 ----a-w- c:\windows\system32\drivers\n360\0602010.005\srtsp.sys 2012-05-20 00:12:46 340088 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symds.sys 2012-05-20 00:12:46 32888 ----a-w- c:\windows\system32\drivers\n360\0602010.005\srtspx.sys 2012-05-20 00:12:46 149624 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ironx86.sys 2012-05-20 00:12:46 132744 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys 2012-05-20 00:12:42 -------- d-----w- c:\windows\system32\drivers\n360\0602010.005 2012-05-20 00:09:41 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-05-20 00:09:41 -------- d-----w- c:\program files\Symantec 2012-05-20 00:09:08 -------- d-----w- c:\windows\system32\drivers\N360 2012-05-20 00:09:06 -------- d-----w- c:\program files\Norton 360 2012-05-20 00:08:48 -------- d-----w- c:\program files\NortonInstaller 2012-05-16 16:29:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-16 16:29:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-16 16:07:54 -------- d-----w- c:\users\nick\appdata\local\temp 2012-05-16 16:07:02 -------- d-sh--w- C:\$RECYCLE.BIN 2012-05-16 15:46:06 98816 ----a-w- c:\windows\sed.exe 2012-05-16 15:46:06 518144 ----a-w- c:\windows\SWREG.exe 2012-05-16 15:46:06 256000 ----a-w- c:\windows\PEV.exe 2012-05-16 15:46:06 208896 ----a-w- c:\windows\MBR.exe 2012-05-16 15:36:58 -------- d-----w- c:\programdata\blekko toolbars 2012-05-16 15:36:54 -------- d-----w- c:\program files\blekkotb_soc 2012-05-16 15:09:58 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2012-05-16 14:40:58 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-16 14:40:58 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-16 14:40:57 2044928 ----a-w- c:\windows\system32\win32k.sys 2012-05-03 01:53:10 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-03 01:35:39 -------- d-----w- c:\users\nick\appdata\roaming\Malwarebytes 2012-05-03 01:35:33 -------- d-----w- c:\programdata\Malwarebytes 2012-05-02 03:54:01 -------- d-----w- c:\users\nick\appdata\local\NPE . ==================== Find3M ==================== . 2012-05-16 14:56:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-03-01 14:46:01 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-01 14:46:01 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll 2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 14:08:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-02-29 13:44:50 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-02-29 13:41:40 1069056 ----a-w- c:\windows\system32\DWrite.dll 2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb . ============= FINISH: 19:03:58.68 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 17/04/2007 3:28:31 AM System Uptime: 22/05/2012 6:47:16 PM (1 hours ago) . Motherboard: ASUSTek Computer INC. | | LEONITE Processor: Intel® Core2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 292 GiB total, 31.964 GiB free. D: is FIXED (NTFS) - 6 GiB total, 0.584 GiB free. E: is FIXED (NTFS) - 466 GiB total, 165.66 GiB free. I: is Removable J: is Removable K: is Removable L: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: HP 802.11b/g Wireless Network Adapter Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&33087CF&0&28F0 Manufacturer: Atheros Communications Inc. Name: HP 802.11b/g Wireless Network Adapter PNP Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&33087CF&0&28F0 Service: athr . Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318} Description: CD-ROM Drive Device ID: IDE\CDROMHL-DT-ST_DVDRRW_GSA-H30L________________S755____\4&30F406D4&1&0.1.0 Manufacturer: (Standard CD-ROM drives) Name: HL-DT-ST DVDRRW GSA-H30L PNP Device ID: IDE\CDROMHL-DT-ST_DVDRRW_GSA-H30L________________S755____\4&30F406D4&1&0.1.0 Service: cdrom . Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318} Description: CD-ROM Drive Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GH22NS40________________NL01____\4&30F406D4&1&0.3.0 Manufacturer: (Standard CD-ROM drives) Name: HL-DT-ST DVDRAM GH22NS40 PNP Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GH22NS40________________NL01____\4&30F406D4&1&0.3.0 Service: cdrom . ==== System Restore Points =================== . RP1599: 19/05/2012 6:24:42 PM - Windows Update RP1600: 20/05/2012 4:03:05 PM - Scheduled Checkpoint RP1601: 21/05/2012 9:55:38 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) ABBYY FineReader 6.0 Sprint Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.3) Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft PhotoImpression 5 Audacity 1.2.6 AutoUpdate Bonjour Brother HL-3070CW ComparatorPro CyberLink PhotoNow CyberLink PowerDirector DivX Enhanced Multimedia Keyboard Solution EPSON Attach To Email EPSON Copy Utility 3 EPSON Event Manager EPSON File Manager EPSON Scan EPSON Scan Assistant Family Tree Maker 2010 GearDrvs Google Apps Migration For Microsoft Outlook® 2.3.12.34 Google Apps Sync™ for Microsoft Outlook® 3.0.51.96 Google Calendar Sync Google Chrome Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Connections (remove only) HP Customer Experience Enhancements HP Easy Setup - Core HP Easy Setup - Frontend HP On-Screen Caps/Num/Scroll Lock Indicator HP Picasso Media Center Add-In iCloud Intel® Matrix Storage Manager Intel® Viiv™ Software iPhone Configuration Utility iTunes Japanese Fonts Support For Adobe Reader 8 Java Auto Updater Java 6 Update 29 LightScribe 1.4.142.1 Logitech Webcam Software MainConcept for Software Encoder Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Primary Interoperability Assemblies 2005 Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft WSE 3.0 MobileMe Control Panel MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee autoProducer 5.0 MyHeritage Family Tree Builder NETGEAR Print Server Software Norton 360 NVIDIA Drivers OGA Notifier 2.0.0048.0 OpenOffice.org Installer 1.0 PerfV350 User's Guide Photo Viewer V208G2 PowerDirector Express PowerDVD PowerProducer Python 2.4.3 QuickTime RealPlayer Realtek High Definition Audio Driver Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Safari Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB979332) Skype™ 5.8 SmartSound Quicktracks Plugin Sony USB Driver Symantec Technical Support Web Controls TomTom HOME 2.8.3.2499 TomTom HOME Visual Studio Merge Modules Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) WARP Video 2 Windows Media Encoder 9 Series Xiph QuickTime Components . ==== Event Viewer Messages From Past Week ======== . 22/05/2012 6:49:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom i8042prt 22/05/2012 6:49:16 PM, Error: Service Control Manager [7001] - The NVIDIA Display Driver Service service depends on the nvlddmkm service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 22/05/2012 6:49:16 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 22/05/2012 6:49:16 PM, Error: Service Control Manager [7000] - The LVSrvLauncher service failed to start due to the following error: The system cannot find the file specified. 22/05/2012 6:47:42 PM, Error: atikmdag [45062] - CRT invalid display type 19/05/2012 8:18:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt 16/05/2012 6:57:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom 16/05/2012 12:05:20 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 16/05/2012 11:57:30 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 16/05/2012 11:44:56 AM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
  5. Hi, I believe my computer is infected. When I open a new Chrome session, it automatically opens two tabs, which re-direct me to a site called "btsearch.name" which is simply a Google search window. This began after downloading "MyStart by Incredibar". I I removed the program via Add/Remove but the problem remains. I have run both MalwareBytes & Spybot S&D (including Immunization) but the problem remains. Here are the DDS.txt & Attach.txt files as requested. Thank you for any assistance you can offer. -Ryan . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31 Run by 107267 at 18:00:26 on 2012-04-10 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.2108 [GMT 10:00] . AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} . ============== Running Processes =============== . C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Citrix\ICA Client\ssonsvr.exe svchost.exe svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CA\SC\CAM\bin\cam.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Notes\nsd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Notes\ntmulti.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sonexis\ApplicationSharing\AppDriverService.exe C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\Program Files\Sophos\Remote Management System\RouterNT.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe C:\Program Files\ORL\VNC\WinVNC.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\CA\DSM\Bin\caf.exe C:\Program Files\CA\DSM\Bin\cfsmsmd.exe C:\Program Files\CA\DSM\Bin\ccnfagent.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe C:\Program Files\CA\DSM\Bin\ccsmagtd.exe C:\Program Files\CA\DSM\Bin\rcHost.exe C:\Program Files\CA\DSM\Bin\amswmagt.exe C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe C:\Program Files\CA\DSM\Bin\cfftplugin.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CA\DSM\bin\cfSysTray.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Sophos\AutoUpdate\almon.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Browny02\Brother\BrStMonW.exe C:\Program Files\Browny02\BrYNSvc.exe C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\107267\Desktop\snagit32.exe C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE C:\Documents and Settings\107267\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\107267\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\107267\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://intranet.rcleurope.com/ mDefault_Page_URL = Http://intranet.rcleurope.com uInternet Settings,ProxyServer = ausproxy.aus.rccl.com:8080 uInternet Settings,ProxyOverride = 12.42.128.*;172.18.128.137;10.*.*.*;172.16.*.*;*.rccl.com;*.royalcaribbean.com;*.celebrity-cruises.com;*.celebritycruises.com;*.cruisingpower.com;intranet;1a.amadeusprintservices.com;prod1.centra.com;ap-docmgmt;*.sourcingservice.com;anyconnect.rccl.com;119.225.1.34;;*.local;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\107267\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon mRun: [CAF_SystemTray] "c:\program files\ca\dsm\bin\cfSysTray.exe" mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe" mRun: [WinVNC] "c:\program files\orl\vnc\winvnc.exe" -servicehelper mRun: [DsmSxplog] "c:\program files\ca\dsm\bin\sxpstub.exe" mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe" mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe" mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini" mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN mRun: [bigPondWirelessBroadbandCM] "c:\program files\telstra\mobile broadband manager\TelstraUCM.exe" -tsr mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) uPolicies-explorer: DisallowRun = 1 (0x1) uPolicies-disallowrun: 1 = autorun.pif uPolicies-disallowrun: 2 = hupigon.exe uPolicies-system: NoDispSettingsPage = 0 (0x0) dPolicies-explorer: ForceClassicControlPanel = 1 (0x1) dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab DPF: B3467D2D-E10C-41A6-B671-2B07A1445DC4 - hxxp://econference.rcleurope.com//Downloads/cmW32client.cab DPF: {00B28243-126B-4FFF-B346-6C3176E8296B} - hxxp://siebgvsp.rccl.com:9100/callcenter_enu/19221/applets/SiebelAx_Calendar.cab DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://qc.rccl.com/qcbin/capicom.dll DPF: {5F738800-9D2F-48CE-999B-B3D66C7E8D24} - hxxp://teamsite-prod.rccl.com/iw/ewebeditpro20/ewebeditpro5.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://remotemail.rccl.com:11023/dwa8W.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} - hxxp://siebgvsp.rccl.com:9100/callcenter_enu/19221/applets/SiebelAx_HI_Client.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://aufreetrial.webex.com/client/T27L/webex/ieatgpc.cab DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxp://hyperion.rccl.com/InsightInstaller/setup.cab DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://qc.rccl.com/qcbin/Spider10.cab TCP: DhcpNameServer = 192.168.0.1 203.134.12.90 TCP: Interfaces\{362A5A16-A1C4-4FFD-8712-ECA41F10EB74} : DhcpNameServer = 192.168.0.1 203.134.12.90 Notify: CAF - c:\program files\ca\dsm\bin\cfwlogon.dll Notify: igfxcui - igfxdev.dll Notify: rcHostExt - c:\program files\ca\dsm\bin\rcLoginExt.dll AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\107267\application data\mozilla\firefox\profiles\tuai47zv.default\ FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6Oyy706xO9&i=26 FF - prefs.js: browser.search.selectedEngine - MyStart Search FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6Oyy706xO9&&i=26&search= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: c:\documents and settings\107267\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\107267\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\107267\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oyy706xO9&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 142c63b900000000000000218696caed FF - user.js: extensions.incredibar_i.instlDay - 15437 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:42:48 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6Oyy706xO9 FF - user.js: extensions.incredibar_i.upn2n - 92261197075936793 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10606 FF - user.js: extensions.incredibar_i.ppd - 61%5F2 . ============= SERVICES / DRIVERS =============== . R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-3-5 153344] R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-3-5 24064] R2 Ataman TCP Remote Logon Services;Ataman TCP Remote Logon Services;c:\hyperion\biplus\bin\sqr\remote\bin\atrls.exe [2010-9-17 71168] R2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\sc\cam\bin\cam.exe [2010-3-5 147456] R2 caf;CA DSM r11 Common Application Framework.;c:\program files\ca\dsm\bin\CAF.exe [2008-3-1 193800] R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\notes\nsd.exe [2009-9-29 3397000] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-12-13 163056] R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-12-13 97520] R2 Sonexis Application Sharing Driver Service;Sonexis Application Sharing Driver Service;c:\program files\sonexis\applicationsharing\AppDriverService.exe [2010-8-16 167936] R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2010-12-13 282624] R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-12-13 230640] R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2010-12-13 806912] R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2012-3-15 1543704] R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\sierra wireless inc\common\SwiCardDetect.exe [2010-9-2 230768] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856] R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-7-25 245760] R3 rcSmCard;rcSmCard;c:\windows\system32\drivers\rcSmCard.sys [2008-3-1 26128] R3 rcVidCap;rcVidCap;c:\windows\system32\drivers\rcVidMpt.sys [2008-3-1 9872] R3 SonMirrorftas;ConferenceManager AppShare Filter Driver;c:\windows\system32\drivers\SonMirrorftas.sys [2010-8-16 3840] R3 SonVMDas;SonVMDas;c:\windows\system32\drivers\SonVMDas.sys [2010-8-16 2560] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253600] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-7-28 7680] S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2010-7-21 23928] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-29 189792] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2011-7-28 114688] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-3-5 14976] . =============== Created Last 30 ================ . 2012-04-10 06:00:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-04-10 06:00:54 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2012-04-10 05:52:28 -------- d-----w- c:\documents and settings\107267\application data\Malwarebytes 2012-04-10 05:52:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-04-10 05:52:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-10 05:52:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-07 04:43:10 -------- d-----w- c:\documents and settings\all users\application data\Premium 2012-04-07 04:38:14 -------- d-----w- C:\codec-info 2012-04-07 04:37:42 -------- d-----w- c:\documents and settings\all users\application data\InstallMate 2012-04-04 01:09:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ==================== Find3M ==================== . 2012-04-04 01:09:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-07 06:58:33 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-03-07 06:58:32 472808 ----a-w- c:\windows\system32\deployJava1.dll . ============= FINISH: 18:01:24.15 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/5/2010 11:12:31 PM System Uptime: 4/10/2012 5:11:47 PM (1 hours ago) . Motherboard: LENOVO | | 7659WET Processor: Intel® Core2 Duo CPU T7100 @ 1.80GHz | None | 1795/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 68 GiB total, 35.063 GiB free. D: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318} Description: Unicenter r11 Remote Control Secure Control Adapter Device ID: ROOT\DISPLAY\0001 Manufacturer: Computer Associates Intl., Inc. Name: Unicenter r11 Remote Control Secure Control Adapter PNP Device ID: ROOT\DISPLAY\0001 Service: rcVidCap . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows Device ID: ROOT\NET\0001 Manufacturer: Cisco Systems Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows PNP Device ID: ROOT\NET\0001 Service: vpnva . ==== System Restore Points =================== . RP387: 2/21/2012 11:01:03 AM - System Checkpoint RP388: 2/26/2012 5:54:36 PM - System Checkpoint RP389: 3/3/2012 5:03:07 PM - System Checkpoint RP390: 3/5/2012 6:04:10 PM - System Checkpoint RP391: 3/7/2012 4:57:42 PM - Removed Java 6 Update 17 RP392: 3/7/2012 4:58:27 PM - Installed Java 6 Update 31 RP393: 3/8/2012 5:06:13 PM - System Checkpoint RP394: 3/9/2012 7:30:28 PM - System Checkpoint RP395: 3/10/2012 8:42:14 PM - System Checkpoint RP396: 3/12/2012 7:38:40 PM - System Checkpoint RP397: 3/14/2012 1:06:50 PM - System Checkpoint RP398: 3/15/2012 4:32:59 PM - System Checkpoint RP399: 3/16/2012 4:43:28 PM - System Checkpoint RP400: 3/19/2012 4:46:45 PM - System Checkpoint RP401: 3/20/2012 5:37:09 PM - System Checkpoint RP402: 3/22/2012 3:07:04 AM - System Checkpoint RP403: 3/23/2012 7:46:19 AM - System Checkpoint RP404: 3/25/2012 3:34:39 AM - System Checkpoint RP405: 3/26/2012 1:32:00 PM - System Checkpoint RP406: 3/27/2012 5:45:53 PM - System Checkpoint RP407: 3/29/2012 12:24:37 PM - System Checkpoint RP408: 3/31/2012 10:35:09 PM - System Checkpoint RP409: 4/2/2012 9:55:37 AM - System Checkpoint RP410: 4/3/2012 8:53:55 PM - System Checkpoint RP411: 4/5/2012 9:00:51 PM - System Checkpoint RP412: 4/7/2012 1:57:07 PM - System Checkpoint RP413: 4/10/2012 6:39:39 AM - System Checkpoint RP414: 4/10/2012 11:12:59 AM - Removed PGP Desktop . ==== Installed Programs ====================== . 32 Bit HP BiDi Channel Components Installer Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) Adobe Shockwave Player 11.5 Apple Application Support Apple Mobile Device Support Apple Software Update Avaya CMS Supervisor R13 BlackBerry Desktop Software 6.0 Bonjour Brother MFL-Pro Suite MFC-J415W CA Unicenter DSM Agent + Asset Management Plugin (English only Edition) CA Unicenter DSM Agent + Remote Control Plugin (English only Edition) CA Unicenter DSM Agent + Software Delivery Plugin (English only Edition) Cisco AnyConnect VPN Client Cisco Systems VPN Client 4.0.3 (F) Client Access Shortcut Fix Compatibility Pack for the 2007 Office system ConferenceManager Application Sharing Driver 8.0.15.0 Foxit Reader Google Chrome Google Talk Plugin GoToMeeting 4.8.0.723 GPL Ghostscript Lite 8.61 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB969084) Hyperion Interactive Reporting Web Client Hyperion Reporting and Analysis Client IBM iSeries Access for Windows Intel® Graphics Media Accelerator Driver iTunes Java Auto Updater Java 6 Update 31 Lotus Notes Malwarebytes Anti-Malware version 1.61.0.1400 MetaFrame Presentation Server Client Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Professional Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Mozilla Firefox 10.0 (x86 en-GB) mp mpmri MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB925673) Oracle10gAdmin PaperPort Image Printer QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 RSA SecurID Software Token ScanSoft PaperPort 11 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2183461) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360131) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2416400) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2483614) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2497640) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2559049) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165-v2) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Skype™ 4.2 Sophos Remote Management System SoundMAX Spybot - Search & Destroy Telstra Mobile Broadband Manager ThinkPad Modem ThinkPad Power Management Driver ThinkPad UltraNav Driver Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Windows (KB971513) Update for Windows XP (KB2264107) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB898461) Update for Windows XP (KB943729) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) VLC media player 1.0.5 VNC Free Edition 4.1.3 WarriorPDF 5.0.0.614 WebEx WebFldrs XP Windows Imaging Component Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 WinRAR 4.00 beta 4 (32-bit) XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 4/5/2012 4:00:50 PM, error: PlugPlayManager [12] - The device 'MATSHITA DVD-RAM UJ-862' (IDE\CdRomMATSHITA_DVD-RAM_UJ-862_________________RB01____\5&28ef052f&0&0.1.0) disappeared from the system without first being prepared for removal. 4/5/2012 11:10:01 AM, error: PlugPlayManager [12] - The device 'MATSHITA DVD-RAM UJ-862' (IDE\CdRomMATSHITA_DVD-RAM_UJ-862_________________RB01____\5&28ef052f&0&0.0.0) disappeared from the system without first being prepared for removal. 4/5/2012 11:09:59 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period. 4/5/2012 11:09:32 AM, error: Dhcp [1002] - The IP address lease 10.1.1.79 for the Network Card with network address 00215C8FD1CB has been denied by the DHCP server 192.168.40.65 (The DHCP Server sent a DHCPNACK message). 4/4/2012 11:06:50 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/4/2012 10:56:03 AM, error: NETLOGON [5719] - No Domain Controller is available for domain AUS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 4/3/2012 8:34:37 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. 4/3/2012 8:34:19 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 4/10/2012 5:12:22 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 4/10/2012 11:18:27 AM, error: Service Control Manager [7031] - The Sophos Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. . ==== End Of File ===========================
  6. Hi, Need help removing mystart incredibar. I tried uninstalling but it seems to pop up on all my web browsers. Last night I was searching about this through another forum and i downloaded and ran 2 programs. SUPERantispyware and HijackThis. Don't know if that helps but thought you should know. Please help I nned this gone asap, Thanks. Malwarebytes Anti-Malware (Trial) 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.13.05 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Rey :: RAY-PC [administrator] Protection: Enabled 1/13/2012 10:04:52 PM mbam-log-2012-01-13 (23-53-16).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 240649 Time elapsed: 12 minute(s), 35 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:51:06 PM, on 1/12/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\ATT-SST\McciTrayApp.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Rey\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Rey\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [chromium] C:\Users\Rey\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe Licensing Console - Unknown owner - C:\Windows\system32\msvfd32.exe (file missing) O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Axiom Audio Device Monitor (AxiomAudioDevMon) - M-Audio - C:\Program Files\M-Audio\Axiom\AudioDevMon.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- DDS.txt Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.