
Showing results for tags 'redirection'.


Found 9 results

  1. Hi everyone, a few days ago I ran an ipconfig and noticed I had a DNS prefix: utopia.net. After a few more scans, I noticed that all my traffic was redirected through that site. I tried running Malwarebytes, but it wouldn't open. After running adwcleaner, I could run it, but it didn't find anything. ipconfig still reported that utopia.net redirection was still there. I scanned the registry and manually deleted all entries containing this name, I edited the DNS registry entry to point to my DNS and locked the entry to prevent it from being modified. I did a flushdns and ipconfig reported that the redirection was finally gone. I added rules in my firewall to prevent any access to the site or any of the IPs I found associated to it. Now, after a week or so, I find again that this DNS prefix has come back! Again I ran MB, but it doesn't find anything. I'm not cleaning the registry by hand again, as it proved to be only a temporary solution. I'm attaching FRST's and mbam's reports. Thank you! MB Report.txt Shortcut.txt Addition.txt FRST.txt
  2. Hi there. I've been annoyed for weeks by a browser redirection to which a Google search does not offer answers. Various virus laboratories do not provide any answers either. I have also visited www.Virustotal.com before. This is about "VigLink". When I want to open a page, a page of VigLink appears and cheekily no option is offered to get rid of it. This is illegal in Germany and Europe. I have only half-heartedly taken care of this so far, because fortunately the redirection does not happen every day. I tried AdwCleaner, but it didn't find anything obvious. I hope that someone has further, constructive ideas for solutions. With best regards, Zebulon (aka ZebulonHH).
  3. I'm having a very weird form of redirect virus (page name appears to be GOAC before the redirect happens) which is taking place on all of my installed browsers. Reinstalling any won't help. Any help would be greatly appreciated. I tried full scanning using Malwarebytes, Windows Defender, Kaspersky's Toolkit scanner tool, and no threats were found.
  4. How do I remove the Yet Another Cleaner adware, also known as YAC? I uninstalled & deleted it and the cookies in both Firefox & IE, searched for it in Appdata along with their Appstore! Still getting ads, and my Adblock Plus is installed & active. I also have your Malwarebytes Premium installed. I am also being forcibly redirected to the Who say oh snap page from my Soup IO page when I open it! Thank you in advance!
  5. Hi guys, my ex-girlfriend spent some time with my laptop and now I am infected with this rootkit. I would like to clean it. It redirects to google.com/webhp. Also, sometimes unwanted URLs pop up, and I think it is part of the same problem. I already used my installed tools and it didn't work. I run Windows 7 Home Premium Service Pack 1, Avast Free antivirus (for some reason, some features are deactivated and I cannot enable them again), Spybot Search and Destroy, SpywareBlaster, ZoneAlarm free firewall. I already ran my antivirus (before starting Windows) and the antispyware, but the problem is still there. Please, I need advice to clean webhp and other possible infection from my computer. Thank you so much!
  6. Note: This was posted to the wrong forum. Hello, 2 weeks ago, when I was doing a transaction in my bank web site, I clicked on an advertisement in the bank web site. But instead of going to the web page, I was redirected to a site advertising Panda Software Antivirus that looks not proper. I closed everything and called my bank technical support. The technician told me that when he was clicking on the advertisement, he was going to the proper page and that probably my Internet Explorer was infected. 1. The problem: URL in bank web page when mouse scrolls over advertisement: https://rbc.bridgetr...=643277&r=90484 Final URL after redirection: http://download.clou...=8&bt_trf=83300 I ran my McAfee Antivirus Plus and 1 trojan was detected and 3 Potentially Unwanted Programs. I tested the link again and the problem was still there. 2. MAM scan reports: I scanned my computer with Malwarebytes Anti-malware and got the following reports: I tested the advertisement again and the redirection was still there. 3. SpyHunter scan: Downloaded SpyHunter and scanned my computer; see attached file: was unable to copy it. It identified 4 threats and I fixed them, but the redirection was still there. Scanned again with MAM but reports were empty. Nothing found. 4. After some additional research, found your forum and decided to ask for help. I followed your instructions in topic "I'm infected- what do I do now" and I am sending to you the DDS.txt file and Attach.txt file.
(KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB976325) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Skype Toolbars Skype™ 5.1 SoundMAX Spybot - Search & Destroy SpyHunter System Requirements Lab Toolbar Cleaner 1.0 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update 
for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VCRedistSetup WebFldrs XP Winamp Winamp Toolbar Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows XP Service Pack 3 . ==== Event Viewer Messages From Past Week ======== . 08/06/2012 4:08:40 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service. 01/06/2012 1:38:07 PM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. . ==== End Of File ===========================
  7. Hello. I've seen other people post with this same problem, but the solution has varied by user. I've picked up Trojan.Dropper.BCMiner from an infected site. When I went to the site, it automatically began downloading a PDF (I didn't click on anything). I tried to cancel the download, but the download showed completed in my Firefox Downloads window. Because of the unprompted download, I ran MBAM, and it found the BCMiner trojan. MBAM finds it, quarantines it successfully, and prompts a reboot, but the trojan is still there on every restart -- MBAM finds it again. After unsuccessful removal attempts w. MBAM, I ran Trend Micro's HouseCall, which also found the Trojan and also prompted a reboot to finish "fixing" the infection. But after reboot, the Trojan is still there and detectable by both HC and MBAM. It's causing system slowdown, redirecting links in search results to spam/advertising sites, and opening new browser windows to spam/ad sites when I first launch my browsers. Please help. I'm over my head here and don't run anything like Combofix or Farbar without instructions. The DDS.txt and Attach.txt logs are below. I can also post my MBAM logs if needed. Any help is very much appreciated.
  8. Hello. I've seen other people post with this same problem, but the solution has varied by user. I've picked up Trojan.Dropper.BCMiner from an infected site. When I went to the site, it automatically began downloading a PDF (I didn't click on anything). I tried to cancel the download, but the download showed completed in my Firefox Downloads window. Because of the unprompted download, I ran MBAM, and it found the BCMiner trojan. MBAM finds it, quarantines it successfully, and prompts a reboot, but the trojan is still there on every restart -- MBAM finds it again. After unsuccessful removal attempts w. MBAM, I ran Trend Micro's HouseCall, which also found the Trojan and also prompted a reboot to finish "fixing" the infection. But after reboot, the Trojan is still there and detectable by both HC and MBAM. Please help. I'm over my head here and don't want to run anything like Combofix or Farfar without instructions. I can post MBAM logs, but didn't want to do that until instructed. Any help is very much appreciated.
  9. Hello, 2 weeks ago, when I was doing a transaction in my bank web site, I clicked on an advertisement in the bank web site. But instead of going to the Web page, I was redirected to a site advertising Panda Software Antivirus that looks not proper. I closed everything and called my bank technical support. The technician told me that when he was clicking on the advertisement, he was going to the proper page and that probably my Internet Explorer was infected.

1. The problem:
URL in bank web page: when mouse scrolls over advertisement: https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=90484
Final URL after redirection: http://download.cloudantivirus.com/eng/malicious/?id=antiphishing-mystart3_6dn&url=rbc.bridgetrack.com/wmdi/_redir.htm?btdata=402127b796a617059574945bebeb4aba198978494faf8f3eceac5c2d69c220f2&bt_con=52&bt_as=8&bt_trf=83300
I ran my McAfee Antivirus Plus and 1 trojan was detected and 3 Potentially Unwanted Programs: I tested again the link and the problem was still there.

2. MAM scan reports: I scanned my computer with Malwarebytes Anti-malware and got the following reports:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.31.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gilles :: OWNER-AKF11BV1P [administrator]
31/05/2012 6:01:25 PM
mbam-log-2012-05-31 (18-01-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 331701
Time elapsed: 1 hour(s), 17 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\Software\Visicom Media (Adware.KeenValue) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

I tested again the advertisement and the redirection was still there.

3. SpyHunter scan:
- Downloaded SpyHunter and scanned my computer:
- see attached file: was unable to copy it.
- It identified 4 threats and I fixed them but the redirection was still there. Scanned again with MAM but reports were empty. Nothing found.

4. After some additional research, found your forum and decided to ask for help. I followed your instructions in topic "I'm infected- what do I do now" and I am sending to you the DDS.txt file and Attach.txt file.

DDS file
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Gilles at 19:06:52 on 2012-06-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.383 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.lactualite.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120429230329.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - c:\program files\mystarttb\mystartDx.dll
TB: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - c:\program files\mystarttb\mystartDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\gilles\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: gouv.qc.ca\www.registrefoncier
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261492779045
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268959760125
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://infolot.mrnf.gouv.qc.ca/ACGM/acgm.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{195DA4A8-BFF1-4173-9F08-100DA3E0C850} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - c:\program files\impotrapide 2009\ic2009pp.dll
Handler: intu-ir2011 - {DFF68B15-A8D3-420b-B32C-E9554E2F5C15} - c:\program files\impotrapide 2011\ic2011pp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-13 464304]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-13 89792]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-23 95200]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-13 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-13 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-13 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-13 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-13 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-13 151880]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-6-2 763840]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-13 57600]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-13 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-13 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-13 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-13 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-4-6 133104]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-6 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-13 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-13 87656]
.
=============== Created Last 30 ================
.
2012-06-08 18:32:22 110080 ----a-r- c:\documents and settings\gilles\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconF7A21AF7.exe
2012-06-08 18:32:22 110080 ----a-r- c:\documents and settings\gilles\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconD7F16134.exe
2012-06-08 18:32:22 110080 ----a-r- c:\documents and settings\gilles\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconCF33A0CE.exe
2012-06-08 18:32:02 -------- d-----w- C:\sh4ldr
2012-06-08 18:32:02 -------- d-----w- c:\program files\Enigma Software Group
2012-06-08 18:31:18 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-06-08 18:31:06 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-05-31 21:56:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-31 21:55:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 18:54:53 -------- d-----w- c:\documents and settings\gilles\application data\PriceGong
2012-05-24 18:38:17 -------- d-----w- c:\documents and settings\gilles\local settings\application data\Conduit
2012-05-23 19:40:56 -------- d-----w- c:\program files\Conduit
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-10-01 20:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 19:09:06.56 ===============

Attach.txt file:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 21/12/2009 5:49:14 PM
System Uptime: 08/06/2012 5:32:09 PM (2 hours ago)
.
Motherboard: Intel Corporation | | D845EPT2
Processor: Intel® Pentium® 4 CPU 1.80GHz | X1 | 1794/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 2.32 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 88.87 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 596 GiB total, 154.969 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP679: 09/04/2012 9:30:06 PM - System Checkpoint RP680: 10/04/2012 9:40:27 PM - System Checkpoint RP681: 11/04/2012 3:01:11 AM - Software Distribution Service 3.0 RP682: 12/04/2012 4:02:58 AM - System Checkpoint RP683: 13/04/2012 4:06:16 AM - System Checkpoint RP684: 14/04/2012 10:33:10 AM - System Checkpoint RP685: 15/04/2012 11:23:06 AM - System Checkpoint RP686: 16/04/2012 10:46:57 PM - System Checkpoint RP687: 17/04/2012 11:21:06 PM - System Checkpoint RP688: 19/04/2012 9:44:09 PM - System Checkpoint RP689: 20/04/2012 10:43:33 PM - System Checkpoint RP690: 22/04/2012 2:51:12 AM - System Checkpoint RP691: 23/04/2012 3:24:12 AM - System Checkpoint RP692: 24/04/2012 4:23:54 AM - System Checkpoint RP693: 25/04/2012 5:23:50 AM - System Checkpoint RP694: 26/04/2012 6:23:33 AM - System Checkpoint RP695: 27/04/2012 7:23:32 AM - System Checkpoint RP696: 29/04/2012 11:15:07 PM - System Checkpoint RP697: 01/05/2012 9:41:40 PM - System Checkpoint RP698: 02/05/2012 10:15:55 PM - System Checkpoint RP699: 03/05/2012 10:36:25 PM - System Checkpoint RP700: 07/05/2012 8:19:48 PM - System Checkpoint RP701: 08/05/2012 8:29:17 PM - System Checkpoint RP702: 09/05/2012 9:29:18 PM - System Checkpoint RP703: 10/05/2012 3:01:38 AM - Software Distribution Service 3.0 RP704: 11/05/2012 3:11:05 AM - System Checkpoint RP705: 12/05/2012 3:20:04 AM - System Checkpoint RP706: 13/05/2012 4:20:04 AM - System Checkpoint RP707: 14/05/2012 9:07:05 AM - System Checkpoint RP708: 15/05/2012 9:20:11 AM - System Checkpoint RP709: 16/05/2012 10:20:04 AM - System Checkpoint RP710: 17/05/2012 11:20:12 AM - System Checkpoint RP711: 18/05/2012 12:19:37 PM - System Checkpoint RP712: 19/05/2012 1:19:32 PM - System Checkpoint RP713: 20/05/2012 2:19:30 PM - System Checkpoint RP714: 21/05/2012 3:17:24 PM - System Checkpoint RP715: 22/05/2012 3:00:40 AM - Software Distribution Service 3.0 RP716: 22/05/2012 9:45:51 PM - Software Distribution Service 3.0 RP717: 23/05/2012 3:00:27 AM - Software Distribution Service 
3.0 RP718: 24/05/2012 3:19:45 AM - System Checkpoint RP719: 25/05/2012 4:19:25 AM - System Checkpoint RP720: 26/05/2012 5:19:14 AM - System Checkpoint RP721: 27/05/2012 6:19:16 AM - System Checkpoint RP722: 28/05/2012 7:19:30 AM - System Checkpoint RP723: 28/05/2012 9:32:01 PM - Installed MyFonts Order M3792118 RP724: 29/05/2012 10:09:37 PM - System Checkpoint RP725: 30/05/2012 10:19:15 PM - System Checkpoint RP726: 31/05/2012 10:19:43 PM - System Checkpoint RP727: 03/06/2012 5:16:32 PM - System Checkpoint RP728: 04/06/2012 5:38:50 PM - System Checkpoint RP729: 04/06/2012 11:36:54 PM - Software Distribution Service 3.0 RP730: 06/06/2012 12:09:25 AM - System Checkpoint RP731: 07/06/2012 12:10:11 AM - System Checkpoint RP732: 08/06/2012 1:09:51 AM - System Checkpoint RP733: 08/06/2012 2:32:00 PM - Installed SpyHunter . ==== Installed Programs ====================== . AceHTML Freeware Adobe Acrobat 5.0 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Photoshop 6.0 Adobe Photoshop Elements 8.0 Adobe Reader X (10.1.3) Anti-phishing Domain Advisor Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft PhotoStudio 6 Ask Toolbar AVS Update Manager 1.0 AVS4YOU Software Navigator 1.4 Bonjour CameraHelperMsi Canon MP Navigator EX 3.1 Canon Utilities Solution Menu CanoScan 9000F Scanner Driver CanoScan Toolbox 4.1 Coffret de pilotes Logitech Webcam Software Dell ResourceCD Driver Detective DVD Solution erLT Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Deskjet 6500 Series ImpôtRapide 2009 
ImpôtRapide 2010 ImpôtRapide 2011 InCD iTunes LightScribe 1.4.74.1 Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 1.61.0.1400 McAfee AntiVirus Plus McAfee Security Scan Plus Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Combat Flight Simulator 3 Mission Pack Microsoft Combat Flight Simulator 3.1 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (French) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (French) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Office XP Web Components Microsoft Picture It! Photo 2002 Microsoft Silverlight Microsoft Software Update for Web Folders (French) 12 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Multimedia Launcher MyFonts Order M3792118 MyStart Toolbar Nero 8 Nero MediaHome CE Nero OEM Nero Recode CE Nero ShowTime CE neroxml Nikon Message Center NVIDIA Display Driver NVIDIA Drivers Octoshape add-in for Adobe Flash Player OmniPage SE PhotoInPress BookDesigner PictureProject Presto! 
PageManager 6 Print@Fujicolor QuickTime RegCure Samsung_MonSetup Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update 
for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security 
Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for 
Windows XP (KB2695962) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP 
(KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB976325) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Skype Toolbars Skype™ 5.1 SoundMAX Spybot - Search & Destroy SpyHunter System Requirements Lab Toolbar Cleaner 1.0 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update 
for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VCRedistSetup WebFldrs XP Winamp Winamp Toolbar Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
08/06/2012 4:08:40 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
01/06/2012 1:38:07 PM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================