peaches03 Posted November 16, 2012 ID:613811 Share Posted November 16, 2012 About two weeks ago, I was infected with a trojan. Since I am so stubborn, I decided to try and fix the problem myself. After several attempts, I believe I have removed the trojan. However, now I have spyware or malware or whatever you call it. Everytime I click on a web search link, it redirects me to oblivian. I have ran malware, macafee, avg and of course, nothing comes up. Also, my computer is stupid slow now. I do not know what the next step is in this process is. I am sure if I was computer saavy like many of you are, this would be a simple solution. Any help would be greatly appreciated! Link to post Share on other sites More sharing options...
peaches03 Posted November 16, 2012 Author ID:613812 Share Posted November 16, 2012 After looking into this a little more, I have included the dds.txt and attach.txt.attach.txtdds.txt Link to post Share on other sites More sharing options...
peaches03 Posted November 16, 2012 Author ID:613814 Share Posted November 16, 2012 And again, reading more into what is posted in forums, I should have copied and pasted instead of attached. I swear I am trying to follow directions. DDS (Ver_2012-11-07.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16455Run by Krista at 9:34:47 on 2012-11-16Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2933.935 [GMT -6:00].AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}.============== Running Processes ===============.C:\PROGRA~2\AVG\AVG2013\avgrsa.exeC:\Program Files (x86)\AVG\AVG2013\avgcsrva.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exeC:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\crypserv.exeC:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXEC:\Program Files (x86)\AVG\AVG2013\avgnsa.exeC:\Program Files (x86)\AVG\AVG2013\avgemca.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exec:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\Windows\SysWOW64\SAiAdmin.exeC:\Windows\SysWOW64\SAiDownloaderVista.exeC:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exeC:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exeC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Canon\MyPrinter\BJMYPRT.EXEC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exeC:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exeC:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exeC:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exeC:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exeC:\Program Files\Dell\DellDock\DellDock.exeC:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exeC:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXEC:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\AVG Secure Search\vprot.exeC:\Windows\splwow64.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\LogonUI.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Canon\MyPrinter\BJMYPRT.EXEC:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Users\Krista\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exeC:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exeC:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exeC:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exeC:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXEC:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\AVG Secure Search\vprot.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Windows\splwow64.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\Windows\notepad.exeC:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = g.msn.com/USCON/1uSearch Bar = PreserveuDefault_Page_URL = g.msn.com/USCON/1mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10001&barid={6214D35F-F057-11E1-92C5-F04DA252C50D}mWinlogon: Userinit = userinit.exe,BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dllBHO: {7C4155B9-EFE5-2364-45E9-6679A6060ED5} - <orphaned>BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dllBHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - <orphaned>BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dllBHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dllTB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dllTB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dllTB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dllEB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dlluRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgrounduRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exeuRun: [spotify] "C:\Users\Krista\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostartuRun: [spotify Web Helper] "C:\Users\Krista\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [installIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorunuRun: [Avg2013] rundll32.exe "C:\Users\Krista\AppData\Local\Canon Easy-PhotoPrint EX\Avg2013\daibtuq.dll",RunServiceWmRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /mmRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logonmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbyloginmRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exemRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startupmRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbyloginmRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXEmRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLYmRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTCP: NameServer = 192.168.1.1TCP: Interfaces\{1679F72B-B2FA-4C47-895A-E7CE829EDA80} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{1679F72B-B2FA-4C47-895A-E7CE829EDA80}\452554E444E65647635313 : DHCPNameServer = 192.168.10.1TCP: Interfaces\{1679F72B-B2FA-4C47-895A-E7CE829EDA80}\B427963747162E08993702960586F6E656 : DHCPNameServer = 69.78.235.35 69.78.96.14TCP: Interfaces\{574F9F4B-94AF-4A1F-9A95-CDA28588B9DB} : DHCPNameServer = 69.78.235.35 69.78.96.14TCP: Interfaces\{CEC87C89-125F-41BA-ABC1-139558405470} : DHCPNameServer = 192.168.1.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exex64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonx64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabx64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - <orphaned>x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dllx64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-19 55280]R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-9 30568]R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2011-4-14 335288]R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-19 98208]R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-13 399432]R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2011-11-28 142120]R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-10-19 20984]R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-10-19 172704]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-19 56344]R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-19 158976]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-19 271872]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-10-19 74280]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-19 245792]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-13 676936]S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2012-1-18 119296]S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-7-6 1038088]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-19 48488]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-5 196440]S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2007-4-27 56872]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088].=============== File Associations ===============.ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1".=============== Created Last 30 ================.2012-11-16 14:11:37 -------- d-----w- C:\Users\Krista\AppData\Local\{952A64D1-0348-4602-8550-97AB8EC723E4}2012-11-14 22:02:35 -------- d-----w- C:\Users\Krista\AppData\Local\{A12E1650-C387-41E1-94D6-C5F466758C92}2012-11-14 09:42:49 0 ----a-w- C:\Windows\SysWow64\sho87AC.tmp2012-11-14 09:16:44 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui2012-11-14 09:16:43 9728 ----a-w- C:\Windows\System32\Wdfres.dll2012-11-14 09:16:43 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys2012-11-14 09:16:43 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys2012-11-14 09:07:02 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-11-14 09:07:02 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-11-14 09:07:01 140960 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll2012-11-14 09:07:00 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2012-11-14 09:07:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll2012-11-14 09:07:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll2012-11-14 09:07:00 174216 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll2012-11-14 09:02:50 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys2012-11-14 09:02:50 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys2012-11-14 09:02:49 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll2012-11-14 09:02:49 744448 ----a-w- C:\Windows\System32\WUDFx.dll2012-11-14 09:02:49 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll2012-11-14 09:02:49 229888 ----a-w- C:\Windows\System32\WUDFHost.exe2012-11-14 09:02:49 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll2012-11-14 03:52:54 -------- d-----w- C:\Users\Krista\AppData\Roaming\GlarySoft2012-11-14 03:52:54 -------- d-----w- C:\Program Files (x86)\Glary Utilities2012-11-14 02:19:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-11-13 19:57:47 3147264 ----a-w- C:\Windows\System32\win32k.sys2012-11-13 19:57:29 95744 ----a-w- C:\Windows\System32\synceng.dll2012-11-13 19:57:29 78336 ----a-w- C:\Windows\SysWow64\synceng.dll2012-11-13 19:41:21 -------- d-----w- C:\Users\Krista\AppData\Local\{76406977-0243-4994-9407-7F5B5B8F3930}2012-11-12 03:38:06 -------- d-----w- C:\Users\Krista\AppData\Local\{4B2F051D-1860-4576-8549-0DAA78B5C15E}2012-11-09 23:49:12 -------- d-----w- C:\Users\Krista\AppData\Roaming\AVG20132012-11-09 23:48:03 -------- d-----w- C:\Users\Krista\AppData\Local\AVG Secure Search2012-11-09 23:47:37 -------- d-----w- C:\Users\Krista\AppData\Roaming\TuneUp Software2012-11-09 23:47:16 -------- d-----w- C:\ProgramData\AVG Secure Search2012-11-09 23:46:47 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys2012-11-09 23:46:37 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search2012-11-09 23:46:31 -------- d-----w- C:\Program Files (x86)\AVG Secure Search2012-11-09 23:44:36 -------- d--h--w- C:\$AVG2012-11-09 23:44:36 -------- d-----w- C:\ProgramData\AVG20132012-11-09 23:43:41 -------- d-----w- C:\Program Files (x86)\AVG2012-11-09 19:37:24 -------- d-----w- C:\8f5b24c872ce0d860f5c3286f6b7b9812012-11-09 19:18:21 -------- d-----w- C:\Users\Krista\AppData\Local\MFAData2012-11-09 19:18:21 -------- d-----w- C:\Users\Krista\AppData\Local\Avg20132012-11-09 19:18:21 -------- d-----w- C:\ProgramData\MFAData2012-11-09 14:32:33 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36E36E7B-B8EF-4659-B0D8-1E05D6CD244E}\offreg.dll2012-11-09 14:08:27 -------- d-----w- C:\Users\Krista\AppData\Local\{4DDAE2D4-BE01-4585-BE66-131FBCA646CE}2012-11-09 01:07:41 117182464 ----a-w- C:\Users\Krista\kavkis.msi2012-11-09 01:06:31 -------- d-----w- C:\Program Files (x86)\Kaspersky2012-11-09 01:04:24 -------- d-----w- C:\Users\Krista\AppData\Local\{E99F85B6-DEF5-48C0-BDA3-F957443563EF}2012-11-08 01:58:46 -------- d-----w- C:\Users\Krista\AppData\Local\{98890930-2EA7-4AD7-9286-3817F3AF0322}2012-11-07 06:28:50 -------- d-----w- C:\Users\Krista\AppData\Local\{C3F2D97D-2F2C-4BA3-8A7E-1090B6A0BBC1}2012-11-05 18:04:05 -------- d-----w- C:\Users\Krista\AppData\Local\{8F89C7E7-5FDD-4992-B943-ECE1C4B808F3}2012-11-05 16:06:18 9291768 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36E36E7B-B8EF-4659-B0D8-1E05D6CD244E}\mpengine.dll2012-11-05 16:06:10 279656 ------w- C:\Windows\System32\MpSigStub.exe2012-11-05 16:01:32 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys2012-11-05 16:00:41 -------- d-----w- C:\Users\Krista\AppData\Local\McAfee Anti-Theft2012-11-05 15:43:41 -------- d-----w- C:\Users\Krista\AppData\Local\{46ABA313-9670-4FF2-BA54-6051D658DFE6}2012-11-05 15:25:37 -------- d-----w- C:\Users\Krista\AppData\Local\{17153C70-FA0C-45C7-8E8E-C4EC08F57626}2012-11-05 14:55:00 -------- d-----w- C:\Users\Krista\AppData\Roaming\Malwarebytes2012-11-05 14:54:38 -------- d-----w- C:\ProgramData\Malwarebytes2012-11-02 22:40:57 -------- d-----w- C:\Users\Krista\AppData\Local\{DDE82DA7-7D2F-4824-9D2F-8816CE65F393}2012-11-02 02:21:30 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer2012-11-02 02:14:06 -------- d-----w- C:\Users\Krista\AppData\Local\Threat Expert2012-11-02 02:09:32 -------- d-----w- C:\Users\Krista\AppData\Local\{B9EF04C1-7315-4FFC-AF11-DA8B5FEC6CA4}2012-10-31 14:28:37 -------- d-----w- C:\Program Files (x86)\PC Tools2012-10-31 14:22:38 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys2012-10-31 14:22:38 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools2012-10-31 14:21:57 -------- d-----w- C:\Users\Krista\AppData\Roaming\TestApp2012-10-31 14:11:14 -------- d-----w- C:\Windows\AxInstSV2012-10-31 14:06:32 -------- d-----w- C:\Users\Krista\AppData\Local\{A28AA067-2B87-4C4A-BA85-A822AFBA510A}2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys2012-10-19 01:43:54 -------- d-----w- C:\Users\Krista\AppData\Local\{9DB333DC-E541-48C7-B3BB-12C7CD6AFF04}.==================== Find3M ====================.2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys2012-10-02 09:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys2012-09-21 09:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys2012-09-21 09:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2012-09-14 09:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys2012-08-30 18:11:01 3971440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2012-08-30 18:11:00 3915632 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2012-08-30 18:10:31 5473136 ----a-w- C:\Windows\System32\ntoskrnl.exe2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll2012-08-21 18:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll.============= FINISH: 9:39:07.23 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-07.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 3/28/2011 6:02:57 PMSystem Uptime: 11/16/2012 6:41:38 AM (3 hours ago).Motherboard: Dell Inc. | | 08VFX1Processor: Intel® Pentium® CPU P6100 @ 2.00GHz | U2E1 | 1859/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 283 GiB total, 203.911 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.Acrobat.comAdobe Acrobat 9 Pro - English, Français, DeutschAdobe After Effects CS4Adobe After Effects CS4 PresetsAdobe After Effects CS4 Template Projects & FootageAdobe After Effects CS4 Third Party ContentAdobe AIRAdobe Anchor Service CS4Adobe Anchor Service x64 CS4Adobe Asset Services CS4Adobe Bridge CS4Adobe CMaps CS4Adobe CMaps x64 CS4Adobe Color - Photoshop Specific CS4Adobe Color EU Extra Settings CS4Adobe Color JA Extra Settings CS4Adobe Color NA Recommended Settings CS4Adobe Color Video Profiles AE CS4Adobe Community HelpAdobe Contribute CS4Adobe Creative Suite 4 Master CollectionAdobe CS4 American English Speech Analysis ModelsAdobe CS4 French Speech Analysis ModelsAdobe CS4 German Speech Analysis ModelsAdobe CS4 International English Speech Analysis ModelsAdobe CS4 Italian Speech Analysis ModelsAdobe CS4 Japanese Speech Analysis ModelsAdobe CS4 Korean Speech Analysis ModelsAdobe CS4 Spanish Speech Analysis ModelsAdobe CSI CS4Adobe CSI CS4 x64Adobe Default Language CS4Adobe Device Central CS4Adobe Download AssistantAdobe Dreamweaver CS4Adobe Drive CS4Adobe Drive CS4 x64Adobe Dynamiclink SupportAdobe Encore CS4Adobe Encore CS4 CodecsAdobe Encore CS4 LibraryAdobe ExtendScript Toolkit CS4Adobe Extension Manager CS4Adobe Fireworks CS4Adobe Flash CS4Adobe Flash CS4 Extension - Flash Lite STI enAdobe Flash CS4 STI-enAdobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Flash Player 11 ActiveX 64-bitAdobe Fonts AllAdobe Fonts All x64Adobe Illustrator CS4Adobe InDesign CS4Adobe InDesign CS4 Application Feature Set Files (Roman)Adobe InDesign CS4 Common Base FilesAdobe InDesign CS4 Icon HandlerAdobe InDesign CS4 Icon Handler x64Adobe Linguistics CS4Adobe Linguistics CS4 x64Adobe Media Encoder CS4Adobe Media Encoder CS4 Additional ExporterAdobe Media Encoder CS4 DolbyAdobe Media Encoder CS4 ExporterAdobe Media Encoder CS4 ImporterAdobe Media PlayerAdobe MotionPicture Color Files CS4Adobe OnLocation CS4Adobe Output ModuleAdobe PDF Library Files CS4Adobe PDF Library Files x64 CS4Adobe Photoshop CS4Adobe Photoshop CS4 (64 Bit)Adobe Photoshop CS4 SupportAdobe Photoshop CS5.1Adobe Photoshop Elements 6.0Adobe Photoshop Elements 8.0Adobe Premiere Pro CS4Adobe Premiere Pro CS4 Functional ContentAdobe Premiere Pro CS4 Third Party ContentAdobe Reader X (10.1.4)Adobe Search for HelpAdobe Service Manager ExtensionAdobe SetupAdobe SGM CS4Adobe Shockwave Player 11.5Adobe SING CS4Adobe Soundbooth CS4Adobe Soundbooth CS4 CodecsAdobe Type Support CS4Adobe Type Support x64 CS4Adobe Update Manager CS4Adobe Version Cue CS4 ServerAdobe WinSoft Linguistics PluginAdobe WinSoft Linguistics Plugin x64Adobe XMP Panels CS4AdobeColorCommonSetCMYKAdvanced Audio FX EngineAdvanced Font Viewer 5.1Apple Application SupportApple Mobile Device SupportApple Software UpdateAvery TemplateAvery Wizard 4.0AVG 2013AVG Security ToolbarBonjourCanon Easy-PhotoPrint EXCanon Easy-WebPrint EXCanon MG5200 series MP DriversCanon MG5200 series User RegistrationCanon MP Navigator EX 4.0Canon My PrinterCanon Solution Menu EXCanon Utilities Digital Photo Professional 1.0Chloe's Dream ResortConnectCorel Graphics - Windows Shell ExtensionCorel Graphics - Windows Shell Extension 64 BitCorelDRAW Graphics Suite X5CorelDRAW Graphics Suite X5 - BRCorelDRAW Graphics Suite X5 - CaptureCorelDRAW Graphics Suite X5 - CommonCorelDRAW Graphics Suite X5 - ConnectCorelDRAW Graphics Suite X5 - Custom DataCorelDRAW Graphics Suite X5 - DrawCorelDRAW Graphics Suite X5 - ENCorelDRAW Graphics Suite X5 - ESCorelDRAW Graphics Suite X5 - FiltersCorelDRAW Graphics Suite X5 - FontNavCorelDRAW Graphics Suite X5 - FRCorelDRAW Graphics Suite X5 - IPMCorelDRAW Graphics Suite X5 - PHOTO-PAINTCorelDRAW Graphics Suite X5 - Photozoom PluginCorelDRAW Graphics Suite X5 - Premium FontsCorelDRAW Graphics Suite X5 - RedistCorelDRAW Graphics Suite X5 - Setup FilesCorelDRAW Graphics Suite X5 - VBACorelDRAW Graphics Suite X5 - VideoBrowserCorelDRAW Graphics Suite X5 - VSTACorelDRAW Graphics Suite X5 - WTCorelDRAW® Graphics Suite X5Coupon Printer for WindowsCrickler CrosswordsD3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDell DataSafe Local BackupDell DataSafe Local Backup - Support SoftwareDell DataSafe OnlineDell DockDell Edoc ViewerDell Getting Started GuideDell Home Systems Service AgreementDell Webcam CentralDW WLAN CardEaster EggztravaganzaElizabeth Find MD Diagnosis Mystery: Season 2Encoder Pro v5.7.0EPSON Printer SoftwareF.A. Davis's Nursing Care Plans, 8effdshow [rev 2527] [2008-12-19]File Type AssistantFrostWire 5.3.9Glary Utilities 2.50.0.1632Google Apps Migration For Microsoft Outlook® 2.3.12.34Google Apps Sync™ for Microsoft Outlook® 3.2.353.947Google Calendar SyncGoogle Update HelperGoToAssist 8.0.0.514Hell's KitchenHotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)Hoyle Puzzle and Board Games 2011HP Deskjet 3050 J610 series Basic Device SoftwareHP Deskjet 3050 J610 series HelpHP Deskjet 3050 J610 series Product Improvement StudyHP Photo CreationsHP UpdateInstallIQ UpdaterIntel® Graphics Media Accelerator DriverIntel® Management Engine ComponentsInternet Explorer Toolbar 4.6 by SweetPacksiTunesJava Auto UpdaterJava 6 Update 20Java 6 Update 20 (64-bit)Jessica's BowWow BistroJunk Mail filter updatekulerLive! Cam Avatar CreatorMalwarebytes Anti-Malware version 1.65.1.1000MegapolisMesh RuntimeMessenger CompanionMicrosoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2010Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Runtime (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Click-to-Run 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Starter 2010 - EnglishMicrosoft Office Word MUI (English) 2010Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bitMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable - KB2467175Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual Studio Tools for Applications 2.0 - ENUMicrosoft Visual Studio Tools for Applications 2.0 RuntimeMicrosoft_VC80_ATL_x86Microsoft_VC80_ATL_x86_x64Microsoft_VC80_CRT_x86Microsoft_VC80_CRT_x86_x64Microsoft_VC80_MFC_x86Microsoft_VC80_MFC_x86_x64Microsoft_VC80_MFCLOC_x86Microsoft_VC80_MFCLOC_x86_x64Microsoft_VC90_ATL_x86Microsoft_VC90_ATL_x86_x64Microsoft_VC90_CRT_x86Microsoft_VC90_CRT_x86_x64Microsoft_VC90_MFC_x86Microsoft_VC90_MFC_x86_x64Microsoft_VC90_MFCLOC_x86Microsoft_VC90_MFCLOC_x86_x64MotoHelper MergeModulesMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKOPERATION ManiaPDF Settings CS4PDF Settings CS5Petz Dogz 2PhotoScapePhotoshop Camera RawPhotoshop Camera Raw_x64Pickers: Adventures in RustPixel Bender ToolkitProtectDisc Driver, Version 11QBXMLRP2QuickBooksQuickBooks Pro 2009QuickLink MobileQuickset64Realtek High Definition Audio DriverRollerCoaster Tycoon 3: PlatinumRoxio BurnSAi Production SuiteSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553260) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589322) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2597986) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2553488) 32-Bit EditionSentinel Protection Installer 7.4.0Shared C Run-time for x64SpotifySuite Shared Configuration CS4SupportSoft Assisted ServiceSynaptics Pointing Device DriverTextTwist 2Unity Web PlayerUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553270) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553272) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2687277) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionUpdate Installer for WildTangent Games AppVerizon V CAST Media ManagerVisual Basic for Applications ® CoreVisual Basic for Applications ® Core - EnglishVisual Studio 2010 x64 RedistributablesWildTangent GamesWildTangent Games AppWildTangent Games App (Dell Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWord Challenge ExtremeWord MonacoWord U.==== Event Viewer Messages From Past Week ========.11/9/2012 9:07:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.11/9/2012 9:06:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNASvc service.11/9/2012 9:04:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McMPFSvc service.11/9/2012 9:02:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSK80Service service.11/16/2012 9:12:55 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.11/16/2012 8:11:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.11/16/2012 2:08:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.11/16/2012 12:07:37 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service has not been started.11/16/2012 12:07:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}11/15/2012 11:04:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user KRISTA\Guest SID (S-1-5-21-780073479-3190084785-2729974484-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.11/15/2012 10:31:04 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.11/15/2012 10:31:04 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.11/15/2012 10:31:01 PM, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.11/15/2012 10:30:58 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.11/14/2012 5:43:05 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.11/14/2012 4:09:22 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.11/14/2012 3:45:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.11/13/2012 9:43:00 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {E9513610-F218-4DDA-B954-2C7E6BA7CABB} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding11/12/2012 3:20:20 AM, Error: Service Control Manager [7034] - The McAfee Application Installer Cleanup (0300371352470432) service terminated unexpectedly. It has done this 1 time(s)..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted November 16, 2012 ID:613909 Share Posted November 16, 2012 Hello peaches03 and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Step 1Please uninstall the following applications:AVG Security ToolbarFrostWire 5.3.9Internet Explorer Toolbar 4.6 by SweetPacksStep 2Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Step 3Please download Malwarebytes Anti-Rootkit from here.Unzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exe ( right click and select Run as adminsistrator for Vista and Windows 7)Follow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Please post the two logs produced.In your next reply, post the following log files:Junkware Removal Tool logMalwarebytes' Anti-Rootkit loga new fresh DDS log Link to post Share on other sites More sharing options...
peaches03 Posted November 19, 2012 Author ID:614819 Share Posted November 19, 2012 Thank you so much for all of your help! Sorry it took me a little longer to get back to you. The logs are posted as requested.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 3.1.4 (11.16.2012)OS: Windows 7 Home Premium x64Ran by Krista on Sun 11/18/2012 at 20:20:41.58Blog: http://thisisudax.blogspot.com~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry ValuesSuccessfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}~~~ Registry KeysSuccessfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7c4155b9-efe5-2364-45e9-6679a6060ed5}Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}~~~ Files~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\ask"~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 11/18/2012 at 23:47:09.08End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
peaches03 Posted November 19, 2012 Author ID:614820 Share Posted November 19, 2012 Malwarebytes Anti-Rootkit 1.1.0.1009www.malwarebytes.orgDatabase version: v2012.11.19.04Windows 7 x64 NTFSInternet Explorer 9.0.8112.16421Krista :: KRISTA [administrator]11/19/2012 8:03:54 AMmbar-log-2012-11-19 (08-03-54).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: PUP | PUM | P2PObjects scanned: 6076Time elapsed: 10 minute(s), 50 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Users\Krista\AppData\Local\Temp\0.6386772521472874 (Exploit.Drop.9) -> Delete on reboot. [37badfd85effb2841e0c863d19e9b848](end) Link to post Share on other sites More sharing options...
peaches03 Posted November 19, 2012 Author ID:614824 Share Posted November 19, 2012 DDS (Ver_2012-11-07.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16455Run by Krista at 8:16:33 on 2012-11-19Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2933.1323 [GMT -6:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exeC:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\crypserv.exeC:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXEC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exec:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\SysWOW64\SAiAdmin.exeC:\Windows\SysWOW64\SAiDownloaderVista.exeC:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exeC:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exeC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Canon\MyPrinter\BJMYPRT.EXEC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exeC:\Users\Krista\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\rundll32.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exeC:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exeC:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exeC:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exeC:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exeC:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXEC:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\splwow64.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\SysWOW64\NOTEPAD.EXEC:\Windows\SysWOW64\NOTEPAD.EXEC:\Windows\system32\SearchFilterHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = g.msn.com/USCON/1uSearch Bar = PreserveuDefault_Page_URL = g.msn.com/USCON/1mWinlogon: Userinit = userinit.exe,BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dllTB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dllEB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dlluRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgrounduRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exeuRun: [spotify] "C:\Users\Krista\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostartuRun: [spotify Web Helper] "C:\Users\Krista\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [Avg2013] rundll32.exe "C:\Users\Krista\AppData\Local\Canon Easy-PhotoPrint EX\Avg2013\daibtuq.dll",RunServiceWuRun: [installIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorunmRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /mmRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logonmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbyloginmRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exemRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startupmRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbyloginmRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXEmRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTCP: NameServer = 192.168.1.1TCP: Interfaces\{1679F72B-B2FA-4C47-895A-E7CE829EDA80} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{1679F72B-B2FA-4C47-895A-E7CE829EDA80}\452554E444E65647635313 : DHCPNameServer = 192.168.10.1TCP: Interfaces\{1679F72B-B2FA-4C47-895A-E7CE829EDA80}\B427963747162E08993702960586F6E656 : DHCPNameServer = 69.78.235.35 69.78.96.14TCP: Interfaces\{574F9F4B-94AF-4A1F-9A95-CDA28588B9DB} : DHCPNameServer = 69.78.235.35 69.78.96.14TCP: Interfaces\{CEC87C89-125F-41BA-ABC1-139558405470} : DHCPNameServer = 192.168.1.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exex64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonx64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabx64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - <orphaned>x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dllx64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-19 55280]R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2011-4-14 335288]R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-19 98208]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-13 399432]R2 SAiAdmin;SAiAdmin;C:\Windows\SysWOW64\SAiAdmin.exe [2011-11-28 65536]R2 SAiDownloaderVista;SAiDownloaderVista;C:\Windows\SysWOW64\SAiDownloaderVista.exe [2011-11-28 77824]R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2011-11-28 142120]R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-4-27 316992]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-19 1692480]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-19 2320920]R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-10-19 20984]R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-10-19 172704]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-19 56344]R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-19 158976]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-19 271872]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-10-19 74280]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-13 676936]S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2012-1-18 119296]S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-7-6 1038088]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-19 48488]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-5 196440]S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2012-11-19 36680]S3 mbamswissarmy;mbamswissarmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2012-11-19 152392]S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-19 245792]S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2007-4-27 56872]S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-1 1255736]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== File Associations ===============.ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1".=============== Created Last 30 ================.2012-11-19 14:09:18 -------- d-----w- C:\Users\Krista\AppData\Local\{D5D39BF4-3436-452A-9036-09B4F0D73DC6}2012-11-19 13:47:32 152392 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys2012-11-19 13:47:31 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys2012-11-19 02:03:31 -------- d-----w- C:\Users\Krista\AppData\Local\{6AD54EB3-4702-4F98-BB67-2127746A1865}2012-11-17 19:38:58 -------- d-----w- C:\Users\Krista\AppData\Local\{0ED81297-925A-4F92-AFA2-2F5A115E130D}2012-11-17 05:28:32 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E92C9735-6BF6-411A-BC45-5797FFC4C2AF}\offreg.dll2012-11-17 04:50:59 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2012-11-17 04:50:55 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E92C9735-6BF6-411A-BC45-5797FFC4C2AF}\mpengine.dll2012-11-17 04:41:57 -------- d-----w- C:\Windows\ERUNT2012-11-17 04:41:44 -------- d-----w- C:\JRT2012-11-16 14:11:37 -------- d-----w- C:\Users\Krista\AppData\Local\{952A64D1-0348-4602-8550-97AB8EC723E4}2012-11-14 22:02:35 -------- d-----w- C:\Users\Krista\AppData\Local\{A12E1650-C387-41E1-94D6-C5F466758C92}2012-11-14 09:42:49 0 ----a-w- C:\Windows\SysWow64\sho87AC.tmp2012-11-14 09:16:44 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui2012-11-14 09:16:43 9728 ----a-w- C:\Windows\System32\Wdfres.dll2012-11-14 09:16:43 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys2012-11-14 09:16:43 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys2012-11-14 09:07:02 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-11-14 09:07:02 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-11-14 09:07:01 140960 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll2012-11-14 09:07:00 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2012-11-14 09:07:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll2012-11-14 09:07:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll2012-11-14 09:07:00 174216 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll2012-11-14 09:02:50 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys2012-11-14 09:02:50 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys2012-11-14 09:02:49 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll2012-11-14 09:02:49 744448 ----a-w- C:\Windows\System32\WUDFx.dll2012-11-14 09:02:49 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll2012-11-14 09:02:49 229888 ----a-w- C:\Windows\System32\WUDFHost.exe2012-11-14 09:02:49 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll2012-11-14 03:52:54 -------- d-----w- C:\Users\Krista\AppData\Roaming\GlarySoft2012-11-14 03:52:54 -------- d-----w- C:\Program Files (x86)\Glary Utilities2012-11-14 02:19:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-11-13 19:57:47 3147264 ----a-w- C:\Windows\System32\win32k.sys2012-11-13 19:57:29 95744 ----a-w- C:\Windows\System32\synceng.dll2012-11-13 19:57:29 78336 ----a-w- C:\Windows\SysWow64\synceng.dll2012-11-13 19:41:21 -------- d-----w- C:\Users\Krista\AppData\Local\{76406977-0243-4994-9407-7F5B5B8F3930}2012-11-12 03:38:06 -------- d-----w- C:\Users\Krista\AppData\Local\{4B2F051D-1860-4576-8549-0DAA78B5C15E}2012-11-09 23:47:37 -------- d-----w- C:\Users\Krista\AppData\Roaming\TuneUp Software2012-11-09 23:44:36 -------- d-----w- C:\ProgramData\AVG20132012-11-09 19:37:24 -------- d-----w- C:\8f5b24c872ce0d860f5c3286f6b7b9812012-11-09 19:18:21 -------- d-----w- C:\Users\Krista\AppData\Local\MFAData2012-11-09 19:18:21 -------- d-----w- C:\Users\Krista\AppData\Local\Avg20132012-11-09 19:18:21 -------- d-----w- C:\ProgramData\MFAData2012-11-09 14:08:27 -------- d-----w- C:\Users\Krista\AppData\Local\{4DDAE2D4-BE01-4585-BE66-131FBCA646CE}2012-11-09 01:07:41 117182464 ----a-w- C:\Users\Krista\kavkis.msi2012-11-09 01:06:31 -------- d-----w- C:\Program Files (x86)\Kaspersky2012-11-09 01:04:24 -------- d-----w- C:\Users\Krista\AppData\Local\{E99F85B6-DEF5-48C0-BDA3-F957443563EF}2012-11-08 01:58:46 -------- d-----w- C:\Users\Krista\AppData\Local\{98890930-2EA7-4AD7-9286-3817F3AF0322}2012-11-07 06:28:50 -------- d-----w- C:\Users\Krista\AppData\Local\{C3F2D97D-2F2C-4BA3-8A7E-1090B6A0BBC1}2012-11-05 18:04:05 -------- d-----w- C:\Users\Krista\AppData\Local\{8F89C7E7-5FDD-4992-B943-ECE1C4B808F3}2012-11-05 16:06:10 279656 ------w- C:\Windows\System32\MpSigStub.exe2012-11-05 16:01:32 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys2012-11-05 16:00:41 -------- d-----w- C:\Users\Krista\AppData\Local\McAfee Anti-Theft2012-11-05 15:43:41 -------- d-----w- C:\Users\Krista\AppData\Local\{46ABA313-9670-4FF2-BA54-6051D658DFE6}2012-11-05 15:25:37 -------- d-----w- C:\Users\Krista\AppData\Local\{17153C70-FA0C-45C7-8E8E-C4EC08F57626}2012-11-05 14:55:00 -------- d-----w- C:\Users\Krista\AppData\Roaming\Malwarebytes2012-11-05 14:54:38 -------- d-----w- C:\ProgramData\Malwarebytes2012-11-02 22:40:57 -------- d-----w- C:\Users\Krista\AppData\Local\{DDE82DA7-7D2F-4824-9D2F-8816CE65F393}2012-11-02 02:21:30 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer2012-11-02 02:14:06 -------- d-----w- C:\Users\Krista\AppData\Local\Threat Expert2012-11-02 02:09:32 -------- d-----w- C:\Users\Krista\AppData\Local\{B9EF04C1-7315-4FFC-AF11-DA8B5FEC6CA4}2012-10-31 14:28:37 -------- d-----w- C:\Program Files (x86)\PC Tools2012-10-31 14:22:38 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys2012-10-31 14:22:38 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools2012-10-31 14:21:57 -------- d-----w- C:\Users\Krista\AppData\Roaming\TestApp2012-10-31 14:11:14 -------- d-----w- C:\Windows\AxInstSV2012-10-31 14:06:32 -------- d-----w- C:\Users\Krista\AppData\Local\{A28AA067-2B87-4C4A-BA85-A822AFBA510A}.==================== Find3M ====================.2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys2012-08-30 18:11:01 3971440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2012-08-30 18:11:00 3915632 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2012-08-30 18:10:31 5473136 ----a-w- C:\Windows\System32\ntoskrnl.exe2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll2012-08-21 18:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll.============= FINISH: 8:19:26.87 =============== Link to post Share on other sites More sharing options...
peaches03 Posted November 19, 2012 Author ID:614957 Share Posted November 19, 2012 I haven't done anything on my laptop except the scans and had the forum open all day waiting for a reply. Now I have the FBI Trojan/malware/virus and I can't do anything on it. I am replying by my phone. Ugh!! Hopefully maniac, you can helpe out of this as well. Link to post Share on other sites More sharing options...
Maniac Posted November 21, 2012 ID:615641 Share Posted November 21, 2012 For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Link to post Share on other sites More sharing options...
LDTate Posted November 27, 2012 ID:617719 Share Posted November 27, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts