Backdoor.bot/American Express phishing

[philooza]

Had this thing on my computer; tricked me into giving out personal information on American Express website, only popping up after I successfully logged in to the amex site. It also prevented me from making any online payment on the amex website. I removed it with malware bytes and could then make an online payment. I want to make sure it's gone completely.

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.10.18.07

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Ed Grossi :: EDGROSSI-PC [administrator]

10/18/2012 1:55:50 PM

mbam-log-2012-10-18 (14-09-17).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 268215

Time elapsed: 13 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{1DB3E0C7-D2BE-AD40-3CF6-D7220DC3F43F} (Backdoor.Bot) -> Data: "C:\Users\Ed Grossi\AppData\Roaming\Axnam\exxeez.exe" -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Ed Grossi\AppData\Roaming\Axnam\exxeez.exe (Backdoor.Bot) -> No action taken.

(end)

[Maniac]

Hello philooza! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please contact immediately to American Express and let them know about that.

https://www.americanexpress.com/

Please follow the instructions here and post the log file in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573

[philooza]

DDS and Attach logs:

DDS (Ver_2012-10-19.01) - NTFS_x86

Internet Explorer: 9.0.8112.16421

Run by Ed Grossi at 18:57:06 on 2012-10-18

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.904 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe

C:\Program Files\Common Files\Nuance\dgnsvc.exe

C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\SPBA\upeksvr.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

C:\Program Files\Nuance\PaperPort\pptd40nt.exe

C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DYMO\DYMO Label Software\DLSService.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Futiro\Futiro for Skype\FutiroForSkype.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe

C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe

C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe

C:\Users\Ed Grossi\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Tabs3\cmmain.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Tabs3\STMapi.exe

C:\Tabs3\dropbox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\ProgramData\LexisNexis\OfficeTaskPaneUIService.exe

C:\ProgramData\LexisNexis\OfficeUserStorageService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdfviewerplus\bin\PlusIEContextMenu.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll

TB: PracticeMaster: {4E4D87BA-2985-409B-8D81-1F4B0F990902} - c:\tabs3\pmlinkie.dll

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

uRun: [Futiro for Skype] c:\program files\futiro\futiro for skype\FutiroForSkype.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [scanSnap WIA Service Checker] c:\windows\ssdriver\fi5110\SsWiaChecker.exe

mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"

mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"

mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"

mRun: [PDFHook] c:\program files\nuance\pdfviewerplus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] c:\program files\nuance\pdfviewerplus\RegistryController.exe

mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui

mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe

StartupFolder: c:\users\edgros~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ed grossi\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\edgros~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cardmi~1.lnk - c:\program files\pfu\scansnap\cardminder\CardLauncher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\conver~1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoWelcomeScreen = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: DisableCAD = dword:1

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Append to existing PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Create PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - c:\program files\nuance\pdfviewerplus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {4E4D87BA-2985-409B-8D81-1F4B0F990902}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vnc.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc1.cab

TCP: NameServer = 192.168.1.2

TCP: Interfaces\{0E918401-D87B-4218-B25A-C9894B7A2BD0} : DHCPNameServer = 192.168.1.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

Notify: spba - c:\program files\common files\spba\homefus2.dll

SSODL: WebCheck - <orphaned>

LSA: Authentication Packages = msv1_0 wvauth

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ed grossi\appdata\roaming\mozilla\firefox\profiles\j4ffp2co.default\

FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox/1311761199e6b4a9|http://www.judiciary.state.nj.us/|http://www.law.com/jsp/nj/index.jsp?slreturn=1&hbxlogin=1|http://www.nj.com/starledger/

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\dymo\dymo label software\framework\npDYMOLabelFramework.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

FF - ExtSQL: 2012-09-30 11:35; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5

.

============= SERVICES / DRIVERS ===============

.

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]

R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2010-6-29 127488]

R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-4 296808]

R2 DymoPnpService;DYMO PnP Service;c:\program files\dymo\dymo label software\DymoPnpService.exe [2012-1-30 32336]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-9-26 374184]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-11-12 47640]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-9 2214504]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-2-10 144672]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-5-26 349224]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-18 40776]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-9 136176]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-19 250808]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-9 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 114144]

S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-20 126464]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-20 19456]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-14 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-10-18 22:31:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-10-18 19:44:39 -------- d-----w- c:\program files\ESET

2012-10-18 17:54:45 -------- d-----w- c:\users\ed grossi\appdata\roaming\Malwarebytes

2012-10-18 17:53:39 -------- d-----w- c:\programdata\Malwarebytes

2012-10-18 17:53:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-18 17:53:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-17 17:46:34 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4ae5e1c0-baf2-4ee3-944c-f13e6b8a2b97}\mpengine.dll

2012-10-10 05:29:01 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-03 17:25:59 -------- d-----w- c:\users\ed grossi\appdata\local\DDMSettings

2012-09-25 21:56:22 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-22 18:34:09 -------- d-----w- c:\users\ed grossi\appdata\roaming\Intuit

2012-09-22 18:32:29 -------- d-----w- c:\users\ed grossi\appdata\local\IsolatedStorage

2012-09-22 18:32:27 -------- d-----w- c:\program files\common files\Intuit

2012-09-22 18:32:13 -------- d-----w- c:\program files\TurboTax

2012-09-22 18:32:01 -------- d-----w- c:\programdata\Intuit

2012-09-19 19:41:20 -------- d-----w- c:\program files\common files\DivX Shared

2012-09-19 19:41:10 -------- d-----w- c:\program files\DivX

2012-09-19 19:40:52 -------- d-----w- c:\programdata\DivX

.

==================== Find3M ====================

.

2012-10-09 16:27:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 16:27:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-10 23:56:14 542208 ----a-w- c:\windows\system32\kerberos.dll

2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll

.

============= FINISH: 18:57:41.64 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 6/11/2011 2:00:16 PM

System Uptime: 10/18/2012 3:34:54 PM (3 hours ago)

.

Motherboard: Dell Inc. | | 0HN7XN

Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz | CPU | 3200/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 149.782 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 1863 GiB total, 1842.612 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP186: 10/2/2012 4:04:20 AM - Windows Update

RP187: 10/5/2012 12:26:18 PM - Windows Update

RP188: 10/9/2012 4:23:39 AM - Windows Update

RP189: 10/10/2012 3:00:36 AM - Windows Update

RP190: 10/16/2012 5:50:30 AM - Windows Update

.

==== Installed Programs ======================

.

ABBYY FineReader for ScanSnap 4.1

Adobe Acrobat 9 Standard - English, Français, Deutsch

Adobe Acrobat 9.5.2 - CPSID_83708

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BioAPI Framework

Bonjour

Broadcom NetXtreme-I Netlink Driver and Management Installer

CardMinder

CardMinder V4.1

Custom

CyberLink PowerDVD 9.5

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Backup and Recovery Manager

Dell Data Protection | Access

Dell Data Protection | Access | Drivers

Dell Data Protection | Access | Middleware

Dell Edoc Viewer

DellAccess

DirectX 9 Runtime

DivX Setup

Dragon NaturallySpeaking 11

Dropbox

DYMO Label v.8

DYMO LabelWriter Drivers

EMBASSY Security Center

ESET Online Scanner v3

Evernote v. 4.5.2

Futiro for Skype

Gemalto

Google Calendar Sync

Google Chrome

Google Update Helper

GoToMeeting 4.8.0.723

iCloud

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java 6 Update 24

Junk Mail filter update

Lexis® for Microsoft® Office

LogMeIn

Malwarebytes Anti-Malware version 1.65.1.1000

Memeo Instant Backup

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 4.0 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

NTRU TCG Software Stack

Nuance PaperPort 12

Nuance PDF Viewer Plus

NVIDIA Control Panel 275.33

NVIDIA Graphics Driver 275.33

NVIDIA Install Application

NVIDIA Update 1.3.5

NVIDIA Update Components

PaperPort Image Printer

PC-CCID

PhotoShowExpress

Preboot Manager

Private Information Manager

QuickTime

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

ScanSnap

ScanSnap Manager

ScanSnap Organizer

Scansoft PDF Professional

Seagate Dashboard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

SimplyFile (remove only)

Skype Click to Call

Skype™ 5.10

Sonic CinePlayer Decoder Pack

SPBA 5.9

Stamps.com

Stamps.com Application Support for Microsoft Outlook 2000-2010

Stamps.com Application Support for Microsoft Word 2000-2010

Stamps.com support for Microsoft Outlook 2000-2010

Stamps.com support for Microsoft Word 2000-2010

System Requirements Lab

Tabs3/PracticeMaster Programs

Trusted Drive Manager

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wnjiper

TurboTax 2011 wrapper

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Upek Touchchip Fingerprint Reader

VC80CRTRedist - 8.0.50727.6195

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking

Wave Infrastructure Installer

Wave Support Software Installer

WebEx

Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

10/18/2012 3:35:15 PM, Error: Service Control Manager [7000] - The GoToMyPC service failed to start due to the following error: The system cannot find the file specified.

10/18/2012 3:35:12 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.

10/18/2012 2:48:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

[Maniac]

Are you still with me?

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!