
pup.crossfire.sa & Babylon issues


Timrl


Hello, for a while I've had issues with Babylon taking over my browser, but since there was no harm done (visibly) I didn't bother to try to remove it other than the occasional scan from Malwarebytes. However, upon scanning this morning, I found a new friend. pup.crossfire.sa had popped up on the scan, and I noticed that on my webpages now random words will become hyperlinks and lead to scam websites. Knowing this wasn't right, I removed it via Malwarebytes, ran a full scan, removed another, and then restarted. My issue was fixed for... roughly five minutes before they began popping up again... Upon running another Malwarebytes scan, they aren't there, but I'm still having issues, so I decided it's time to ask for some help. Thanks in advance for your time; here are the files which I've been asked to include.

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by Timothy_Leis at 12:04:41 on 2012-12-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.3758 [GMT -6:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files (x86)\3DO\Might and Magic VII\Register\Remind32.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\notepad.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012_6&babsrc=HP_ss&mntrId=b8457168000000000000ac728971fb93

uURLSearchHooks: FCToolbarURLSearchHook Class: {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files (x86)\InboxDollars\Helper.dll

uURLSearchHooks: <No Name>: - LocalServer32 - <no file>

mWinlogon: Userinit = userinit.exe,

BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: InboxDollars BHO: {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: InboxDollars: {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll

uRun: [Google Update] "C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\TIMOTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\3DO-MI~1.LNK - C:\Program Files (x86)\3DO\Might and Magic VII\Register\Remind32.exe

StartupFolder: C:\Users\TIMOTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{56129704-2F79-4324-89A0-5D752DF43327} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{67A318CE-0E0C-49A8-9B04-E361DE08CB8B} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{67A318CE-0E0C-49A8-9B04-E361DE08CB8B}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.1.0.1 66.103.80.4 66.103.64.4

TCP: Interfaces\{67A318CE-0E0C-49A8-9B04-E361DE08CB8B}\46C696E6B6 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{67A318CE-0E0C-49A8-9B04-E361DE08CB8B}\9505E465A4 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{67A318CE-0E0C-49A8-9B04-E361DE08CB8B}\E4544574541425 : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 71.19.150.124 forums.windower.net

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\zxipgp8v.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012_6&babsrc=HP_ss&mntrId=b8457168000000000000ac728971fb93

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=190712_n_mont_3012_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - b8457168000000000000ac728971fb93

FF - user.js: extensions.BabylonToolbar.instlDay - 15545

FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.121:14:15

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-1-10 28992]

R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-1-10 249152]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-5 98208]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-5 1692480]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-5 2656280]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-12-14 58128]

R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-5 176096]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-1 283200]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-4-26 25496]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-5 82432]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-5 181760]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-5 412264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-5 158976]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-4-26 34200]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-16 340240]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-5 250984]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-3 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2012-12-05 04:27:04 -------- d-----w- C:\Program Files (x86)\iFoxSoft

2012-12-05 04:26:49 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2012-12-05 04:26:49 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2012-12-05 04:26:49 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2012-12-05 04:26:49 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2012-12-05 04:26:48 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2012-12-05 04:24:16 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\Coupon Companion

2012-12-05 04:24:15 -------- d-----w- C:\Program Files (x86)\Coupon Companion

2012-12-04 23:23:16 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CAB305-D5F5-40A4-BEE7-F314BA3BFC00}\mpengine.dll

2012-12-02 07:28:34 -------- d-----w- C:\Program Files (x86)\EA Games

2012-12-01 11:25:04 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{72F22AF4-7340-4A37-9BA8-DC5CE1772878}

2012-12-01 10:39:02 -------- d-----w- C:\Program Files (x86)\3DO

2012-12-01 10:37:11 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-12-01 10:37:01 -------- d--h--w- C:\Windows\msdownld.tmp

2012-12-01 10:36:57 -------- d-----w- C:\Windows\SysWow64\directx

2012-12-01 10:36:52 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-01 10:36:52 -------- d-----w- C:\Program Files\iTunes

2012-12-01 10:36:52 -------- d-----w- C:\Program Files\iPod

2012-12-01 10:36:52 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-01 10:33:46 306688 ----a-w- C:\Windows\IsUninst.exe

2012-12-01 10:26:39 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-12-01 10:26:34 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2012-11-30 05:39:01 -------- d-----w- C:\Program Files (x86)\Cossacks

2012-11-30 05:38:32 53248 ----a-w- C:\Windows\SysWow64\unrar.dll

2012-11-29 08:00:04 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-24 11:37:00 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{E9CACF95-3803-4577-BFB3-B4B56DFDE23B}

2012-11-20 12:45:57 -------- d-----w- C:\Program Files (x86)\AutoClickerbyShocker

2012-11-18 06:36:38 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{610D9C51-C6BC-431F-A702-F40E7E6F31B2}

2012-11-16 11:53:21 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{BE0852A4-0AEF-459F-ACDC-6ED19B0FA8FA}

2012-11-15 09:02:54 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-11-15 09:02:54 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-11-14 15:12:20 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{0D71EBE2-B480-40FC-ACC7-23C4232E4E76}

2012-11-14 15:04:05 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-14 15:04:05 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-14 15:04:05 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-14 15:04:05 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-14 15:02:14 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-14 15:02:13 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-14 09:00:38 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-14 09:00:38 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-14 09:00:37 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-14 09:00:37 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-14 09:00:37 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-13 03:22:57 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\WinZip

2012-11-11 04:00:20 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{6D061935-73BD-4206-B74C-130C0ACC1BD9}

2012-11-08 14:06:52 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{EEF3C035-2DCC-4C28-A69F-1F662C4D3B3E}

.

==================== Find3M ====================

.

2012-11-29 07:59:29 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-11-29 07:59:29 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-09 07:02:08 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 07:02:08 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-28 16:32:56 5989776 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-09-28 16:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

============= FINISH: 12:05:08.06 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/2/2011 3:10:12 PM

System Uptime: 12/5/2012 11:55:32 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0FRK44

Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU | 2401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 577 GiB total, 384.488 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP163: 11/29/2012 1:59:17 AM - Installed Java 7 Update 9

RP164: 11/29/2012 3:00:12 AM - Windows Update

RP165: 12/1/2012 4:26:41 AM - Device Driver Package Install: DT Soft Ltd System devices

RP166: 12/1/2012 4:37:43 AM - Installed DirectX

RP167: 12/4/2012 5:22:35 PM - Windows Update

RP168: 12/4/2012 10:26:56 PM - Installed Photo Crop Editor 2.02

.

==== Installed Programs ======================

.

µTorrent

7-Zip 9.20

Accidental Damage Services Agreement

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) MUI

Adobe Shockwave Player 11.6

Advanced Audio FX Engine

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auto Clicker by Shocker

Banctec Service Agreement

Blio

Bonjour

Complete Care Business Service Agreement

Consumer In-Home Service Agreement

Coupon Companion

Cozi

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Edoc Viewer

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell Support Center

Dell Touchpad

Dell VideoStage

Dell Webcam Central

Filzip 3.06

FINAL FANTASY XI

FINAL FANTASY XI: Chains of Promathia

FINAL FANTASY XI: Rise of the Zilart

FINAL FANTASY XI: Treasures of Aht Urhgan

FINAL FANTASY XI: Wings of the Goddess

FINAL FANTASY XIV

GameStop App

Google Chrome

High-Definition Video Playback

InboxDollars

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless Software for Bluetooth® Technology

Intel® PROSet/Wireless WiFi Software

Intel® Turbo Boost Technology Monitor 2.0

Intel® WiDi

Intel® Wireless Display

iRip

iTunes

Java 7 Update 9

Java Auto Updater

Java 6 Update 24 (64-bit)

Java 6 Update 37

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.1.1000

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Might and Magic® VII

Minecraft 1.4.5

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

Mumble 1.2.3

Need For Speed Hot Pursuit 2

Nero 10 Movie ThemePack Basic

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

Notepad++

NVIDIA 3D Vision Driver 285.62

NVIDIA Control Panel 285.62

NVIDIA Graphics Driver 285.62

NVIDIA HD Audio Driver 1.2.24.0

NVIDIA Install Application

NVIDIA Optimus 1.5.20

NVIDIA PhysX

NVIDIA PhysX System Software 9.11.0621

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.5.20

NVIDIA Update Components

Photo Crop Editor 2.02

PlayOnline Viewer & Tetra Master

PlayReady PC Runtime x86

POLUtils

Premium Service Agreement

QualxServ Service Agreement

Quickset64

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Shockwave

Skype Toolbars

Skype™ 6.0

swMSM

SyncUP

System Requirements Lab

TrustedID

Ultimate Healer

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Ventrilo Client for Windows x64

VLC media player 1.1.11

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 16.5

XI-Util

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

12/5/2012 11:57:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

12/1/2012 4:37:24 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

12/1/2012 4:36:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.

12/1/2012 4:35:36 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/1/2012 4:35:19 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • Staff

Hi,

Please see:

Forum Piracy Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.


  • Root Admin

I'll go ahead and take over this topic for Chris.

Please run the following steps.

STEP 1

Please uninstall the following old versions of Java from Control Panel, Programs:

Java™ 6 Update 24 (64-bit)

Java™ 6 Update 37

STEP 2

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt where the number in brackets indicates how often it was run.

STEP 3

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 4

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the Reset FF Proxy Settings option, Firefox should be closed.

STEP 5

Next, please run a free online scan with the ESET Online Scanner.

US Link: http://www.eset.com/us/online-scanner/

EU Link: http://www.eset.eu/online-scanner/

Note: You will need to use Internet Explorer for this scan or if using Chrome or Firefox you may need to download the scanner manually.

Manual scanner download link (only needed if you cannot run the scanner from Internet Explorer):

http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the program to install the "OnlineScanner.cab" file by clicking the Install button.
  • You may get a warning about resending the data; please click on the Retry button if shown.
  • Click Yes to allow it to install the Scanner cab file now.
  • Make sure that the option "Remove found threats" is checked.
  • Then click on the "Advanced settings" link.
  • Make sure that the option "Scan for potentially unwanted applications" is checked.
  • Make sure that the option "Scan for potentially unsafe applications" is checked.
  • Make sure that the option "Enable Anti-Stealth technology" is checked.
  • Now click the Start button.
  • It may ask one more time to install a cab file; please click Yes to allow it.
  • Now it will download the virus signature database and then automatically start scanning your system.
  • Wait for the scan to finish.
  • When the scan is finished, make sure to click on the "List of found threats".
  • Now click on the "Export to text file" link and save the log to a location where you can find it again later.
  • Then click the "back" button.
  • Now click on the "Finish" button and go ahead and close the program.
  • Go find the exported list of detected files you saved earlier and attach that log to your next reply.

Thank you

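Added example, not from this thread, Malwarebytes, or any of the tools named in the steps above: a read-only PowerShell report of the same browser-hijack persistence points that STEP 4 and an AdwCleaner-style cleanup inspect (IE start page, search scopes, URLSearchHooks and BHOs, the WinINet proxy, active hosts-file entries, and Firefox prefs.js/user.js search and homepage prefs). The registry paths and pref names are the standard Windows and Firefox locations; the function names are my own, and nothing is modified.

```powershell
# Added example (not from the thread or the tools it names). Read-only report of the
# browser-hijack persistence points a toolbar such as Babylon/Conduit rewrites.
# Function names are my own; registry paths and pref names are standard locations.
# Avoids features newer than Windows PowerShell 2.0 (the Windows 7 default).

function Resolve-Clsid([string]$clsid) {
    # Map a COM CLSID to the DLL that implements it, checking 64-bit, 32-bit and per-user hives
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID',
                      'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
                      'HKCU:\Software\Classes\CLSID') {
        $ip = Get-ItemProperty "$root\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($ip) { return $ip.'(default)' }
    }
    return '(no InprocServer32 registered)'
}

function Get-IEHijackPoints {
    $hits = @()
    $main = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($main -and $main.'Start Page') { $hits += "IE start page: $($main.'Start Page')" }

    # Search providers are CLSID-named subkeys; the DefaultScope value names the active one
    $scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    $default = (Get-ItemProperty $scopes -ErrorAction SilentlyContinue).DefaultScope
    foreach ($sub in (Get-ChildItem $scopes -ErrorAction SilentlyContinue)) {
        $s = Get-ItemProperty $sub.PSPath
        $flag = if ($sub.PSChildName -eq $default) { ' [DEFAULT]' } else { '' }
        $hits += "IE search scope$flag $($s.DisplayName) -> $($s.URL)"
    }

    # URLSearchHooks intercept what is typed into the address bar; each value name is a CLSID
    foreach ($key in 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
                     'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks') {
        $p = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        foreach ($prop in $p.PSObject.Properties) {
            if ($prop.Name -like '{*}') { $hits += "URLSearchHook $($prop.Name) -> $(Resolve-Clsid $prop.Name)" }
        }
    }

    # Browser Helper Objects load into every IE process; each subkey is a CLSID
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
        foreach ($sub in (Get-ChildItem $key -ErrorAction SilentlyContinue)) {
            $hits += "BHO $($sub.PSChildName) -> $(Resolve-Clsid $sub.PSChildName)"
        }
    }
    return $hits
}

function Get-ProxyAndHostsEntries {
    $hits = @()
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    if ($inet.ProxyEnable -eq 1) { $hits += "WinINet proxy enabled: $($inet.ProxyServer)" }
    if ($inet.AutoConfigURL)     { $hits += "WinINet PAC script: $($inet.AutoConfigURL)" }

    # On Windows 7 every shipped hosts line is a comment, so any active mapping deserves a look
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in (Get-Content $hostsPath -ErrorAction SilentlyContinue)) {
        if ($line -match '^\s*[0-9A-Fa-f:.]+\s+\S') { $hits += "hosts entry: $($line.Trim())" }
    }
    return $hits
}

function Get-FirefoxHijackPrefs {
    # Prefs a toolbar rewrites to own the homepage, new-tab page, search engine or proxy
    $watch = @('browser.startup.homepage', 'browser.newtab.url', 'browser.search.defaultenginename',
               'browser.search.selectedEngine', 'keyword.URL', 'network.proxy.type',
               'network.proxy.http', 'network.proxy.autoconfig_url')
    $hits = @()
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    foreach ($prof in (Get-ChildItem $profiles -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer })) {
        # user.js overrides prefs.js at every start, so settings planted there return after the user changes them
        foreach ($file in 'prefs.js', 'user.js') {
            $path = Join-Path $prof.FullName $file
            if (-not (Test-Path $path)) { continue }
            foreach ($line in (Get-Content $path)) {
                if ($line -match '^\s*user_pref\("([^"]+)",\s*(.*)\);') {
                    $name = $matches[1]
                    if ($watch -contains $name -or $name -like 'extensions.*Toolbar*') {
                        $hits += "$($prof.Name)\$file : $name = $($matches[2])"
                    }
                }
            }
        }
    }
    return $hits
}

$report = @(Get-IEHijackPoints) + @(Get-ProxyAndHostsEntries) + @(Get-FirefoxHijackPrefs)
if ($report.Count -eq 0) { 'No hijack points found.' } else { $report }
```

Run it from an elevated PowerShell prompt before and after a cleanup and compare the two reports; a CLSID whose DLL lives under a toolbar vendor's folder, a non-empty user.js, or a search scope pointing at an unfamiliar host is what the staff logs above are flagging.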

Here is the AdwCleaner log while I run the other steps:

# AdwCleaner v2.100 - Logfile created 12/11/2012 at 20:33:02

# Updated 09/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Timothy_Leis - TIMOTHY_LEIS-PC

# Boot Mode : Normal

# Running from : C:\Users\Timothy_Leis\Desktop\AdwCleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

File Deleted : C:\Users\Public\Desktop\iLivid.lnk

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\uTorrentControl2

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Users\Timothy_Leis\AppData\Local\Conduit

Folder Deleted : C:\Users\Timothy_Leis\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Timothy_Leis\AppData\LocalLow\uTorrentControl2

Folder Deleted : C:\Users\Timothy_Leis\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\zxipgp8v.default\ConduitCommon

Folder Deleted : C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\zxipgp8v.default\CT3072253

Folder Deleted : C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\zxipgp8v.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

Folder Deleted : C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\zxipgp8v.default\FCTB

Folder Deleted : C:\Users\Timothy_Leis\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.FCTB000062133Pos

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.FCTB000062133Pos.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.JSOptionsImpl

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.JSOptionsImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook

Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\FCTB000062133

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Deleted : HKLM\Software\uTorrentControl2

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{052F7505-0463-4DB4-AD95-33A906D81D8C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A96AF925-8C00-4DCF-B18F-E5DE79DB8243}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012_6&babsrc=HP_ss&mntrId=b8457168000000000000ac728971fb93 --> hxxp://www.google.com

-\\ Mozilla Firefox v8.0 (en-US)

Profile name : default

File : C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\zxipgp8v.default\prefs.js

C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\zxipgp8v.default\user.js ... Deleted !

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);

Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT3072253.AppTrackingLastCheckTime", "Sat Jun 02 2012 02:29:11 GMT-0500 (Central Daylight[...]

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);

Deleted : user_pref("CT3072253.CTID", "CT3072253");

Deleted : user_pref("CT3072253.CurrentServerDate", "19-7-2012");

Deleted : user_pref("CT3072253.DSInstall", false);

Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");

Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Fri Oct 19 2012 00:46:09 GMT-0500 (Central Daylig[...]

Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");

Deleted : user_pref("CT3072253.FirstServerDate", "2-6-2012");

Deleted : user_pref("CT3072253.FirstTime", true);

Deleted : user_pref("CT3072253.FirstTimeFF3", true);

Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);

Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT3072253.HPInstall", false);

Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);

Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);

Deleted : user_pref("CT3072253.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");

Deleted : user_pref("CT3072253.Initialize", true);

Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);

Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT3072253.InstallationId", "fftA69B.tmp.exe");

Deleted : user_pref("CT3072253.InstallationType", "XPE");

Deleted : user_pref("CT3072253.InstalledDate", "Sat Jun 02 2012 02:25:54 GMT-0500 (Central Daylight Time)");

Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);

Deleted : user_pref("CT3072253.IsGrouping", false);

Deleted : user_pref("CT3072253.IsInitSetupIni", true);

Deleted : user_pref("CT3072253.IsMulticommunity", false);

Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);

Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);

Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Fri Oct 19 2012 00:46:05 GMT-0500 (Central Dayligh[...]

Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT3072253.LastLogin_3.12.0.8", "Fri Oct 19 2012 00:46:09 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT3072253.LatestVersion", "3.13.0.6");

Deleted : user_pref("CT3072253.Locale", "en");

Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);

Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.12.0.8");

Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");

Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "Search the Web");

Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]

Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);

Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Fri Oct 19 2012 00:46:04 GMT-0500 (Central Dayli[...]

Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);

Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Fri Oct 19 2012 00:46:05 GMT-0500 (Central Daylight [...]

Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Fri Oct 19 2012 00:46:04 GMT-0500 (Central Daylight Ti[...]

Deleted : user_pref("CT3072253.SettingsLastUpdate", "1350221780");

Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");

Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Tue Oct 02 2012 03:00:53 GMT-0500 (Central Day[...]

Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");

Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");

Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT3072253.UserID", "UN60344898116551841");

Deleted : user_pref("CT3072253.alertChannelId", "1463702");

Deleted : user_pref("CT3072253.autoDisableScopes", -1);

Deleted : user_pref("CT3072253.backendstorage.cbcountry_000", "5553");

Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "536174204A756E20303220323031322030323A32353A35362[...]

Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Fri Oct 19 2012 00:46:09 GMT-0500 (Central [...]

Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT3072253.initDone", true);

Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);

Deleted : user_pref("CT3072253.myStuffEnabled", true);

Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);

Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]

Deleted : user_pref("CT3072253.revertSettingsEnabled", false);

Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT3072253.testingCtid", "");

Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Fri Oct 19 2012 00:46:09 GMT-0500 (Central D[...]

Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Fri Oct 19 2012 00:46:09 GMT-0500 (Central D[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"df8[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Timothy_Leis\\AppData\\Roaming\\Moz[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.freecause.com/search?fr=fr[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");

Deleted : user_pref("CommunityToolbar.globalUserId", "f193521d-6abe-4332-9fc3-777bc781bab1");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Oct 19 2012 00:46:0[...]

Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Oct 19 2012 00:48:15 GMT-0500 (C[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "eb3a1083-ea1c-493e-99d8-62e6066678fb");

Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Search the Web");

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012_6&bab[...]

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012[...]

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "b8457168000000000000ac728971fb93");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15545");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=190712_n_mont_3012_6");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=19071[...]

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.121:14:15");

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.AutoSearchEventData", "auto%20search");

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ClearCacheDate", 19);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DisplayEULA", false);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DnsCatchEventData", "dns%20catch");

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.FirstLaunchShown", true);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.LoadLayoutDate.62133", 19);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.NewTabSearchEventData", "tab%20search");

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.RemoveAllData", true);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ShowRecommendedOptions", true);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.StateReportDate", "1350625565354");

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.TopRightSearchEventData", "top%20right%20search[...]

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeInstallSaved", true);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.homepage", "chrome%3A//branding/l[...]

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.search", "Google");

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.customNewTab", true);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.helpUsImprove", true);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.hideOthers", false);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.processAddrBar", true);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.remove_search", true);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.restoreSearch", false);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.searchHistory", true);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.showFirstLaunchOptions", false);

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tb_lang", "en");

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tool_id", "62133");

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_id", "79708409");

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_key", "525e68e4d164393154b2af33e8cf0b79748[...]

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_layouts", "62133");

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_lnames", "InboxDollars");

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]

Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.yahooSearch", true);

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]

Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", -1);

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012_6&babsrc=HP_ss&mntr[...]

Deleted [l.79] : icon_url = "hxxp://www.babylon.com/favicon.ico",

Deleted [l.82] : keyword = "babylon.com",

Deleted [l.85] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=190712_n_mont_3012_6[...]

Deleted [l.1939] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012_6&babsrc=HP_ss&mntrId=[...]

*************************

AdwCleaner[s1].txt - [23108 octets] - [11/12/2012 20:33:02]

########## EOF - C:\AdwCleaner[s1].txt - [23169 octets] ##########


JRT Log as I continue :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.0.7 (12.11.2012:3)

OS: Windows 7 Home Premium x64

Ran by Timothy_Leis on Tue 12/11/2012 at 20:37:30.81

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110011441193}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{11111111-1111-1111-1111-110011441193}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Timothy_Leis\appdata\local\coupon companion"

Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Timothy_Leis\AppData\Roaming\mozilla\firefox\profiles\zxipgp8v.default\extensions\crossriderapp4493@crossrider.com

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 12/11/2012 at 20:43:08.32

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Minitoolbox :

MiniToolBox by Farbar Version: 25-11-2012

Ran by Timothy_Leis (administrator) on 11-12-2012 at 20:45:20

Running from "C:\Users\Timothy_Leis\Desktop"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 1030 = Wireless Network Connection (Connected)

Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)

Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Timothy_Leis-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2

Physical Address. . . . . . . . . : AC-72-89-71-FB-93

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter

Physical Address. . . . . . . . . : AC-72-89-71-FB-93

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)

Physical Address. . . . . . . . . : AC-72-89-71-FB-96

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030

Physical Address. . . . . . . . . : AC-72-89-71-FB-92

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::e98c:86b1:f300:e70d%12(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Tuesday, December 11, 2012 8:34:20 PM

Lease Expires . . . . . . . . . . : Wednesday, December 12, 2012 8:34:20 PM

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DHCPv6 IAID . . . . . . . . . . . : 229405321

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-F6-EA-9F-14-FE-B5-C6-07-89

DNS Servers . . . . . . . . . . . : 192.168.1.254

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : linksys.com

Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

Physical Address. . . . . . . . . : 14-FE-B5-C6-07-89

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1cf7:1eee:9332:de29(Preferred)

Link-local IPv6 Address . . . . . : fe80::1cf7:1eee:9332:de29%22(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: home

Address: 192.168.1.254

Name: google.com

Addresses: 2607:f8b0:4000:800::1000

74.125.227.128

74.125.227.129

74.125.227.130

74.125.227.131

74.125.227.132

74.125.227.133

74.125.227.134

74.125.227.135

74.125.227.136

74.125.227.137

74.125.227.142

Pinging google.com [74.125.227.33] with 32 bytes of data:

Reply from 74.125.227.33: bytes=32 time=20ms TTL=53

Reply from 74.125.227.33: bytes=32 time=21ms TTL=53

Ping statistics for 74.125.227.33:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 21ms, Average = 20ms

Server: home

Address: 192.168.1.254

Name: yahoo.com

Addresses: 72.30.38.140

98.138.253.109

98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=77ms TTL=49

Reply from 72.30.38.140: bytes=32 time=87ms TTL=49

Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 77ms, Maximum = 87ms, Average = 82ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

16...ac 72 89 71 fb 93 ......Microsoft Virtual WiFi Miniport Adapter #2

15...ac 72 89 71 fb 93 ......Microsoft Virtual WiFi Miniport Adapter

14...ac 72 89 71 fb 96 ......Bluetooth Device (Personal Area Network)

12...ac 72 89 71 fb 92 ......Intel® Centrino® Wireless-N 1030

11...14 fe b5 c6 07 89 ......Realtek PCIe FE Family Controller

1...........................Software Loopback Interface 1

21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

22...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.103 25

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.1.0 255.255.255.0 On-link 192.168.1.103 281

192.168.1.103 255.255.255.255 On-link 192.168.1.103 281

192.168.1.255 255.255.255.255 On-link 192.168.1.103 281

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.1.103 281

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.1.103 281

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

22 58 ::/0 On-link

1 306 ::1/128 On-link

22 58 2001::/32 On-link

22 306 2001:0:9d38:953c:1cf7:1eee:9332:de29/128

On-link

12 281 fe80::/64 On-link

22 306 fe80::/64 On-link

22 306 fe80::1cf7:1eee:9332:de29/128

On-link

12 281 fe80::e98c:86b1:f300:e70d/128

On-link

1 306 ff00::/8 On-link

12 281 ff00::/8 On-link

22 306 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)

Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)

x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)

x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

System errors:

=============

Microsoft Office Sessions:

=========================

CodeIntegrity Errors:

===================================

Date: 2012-12-05 19:11:46.048

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-05 19:11:46.032

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-10 17:50:26.619

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Timothy_Leis\Downloads\SysInfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-10 17:50:26.610

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Timothy_Leis\Downloads\SysInfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

7-Zip 9.20

Accidental Damage Services Agreement (Version: 2.0.0)

Adobe AIR (Version: 2.6.0.19120)

Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)

Adobe Flash Player 11 Plugin (Version: 11.4.402.287)

Adobe Reader X (10.1.4) MUI (Version: 10.1.4)

Adobe Shockwave Player 11.6 (Version: 11.6.1.629)

Advanced Audio FX Engine (Version: 1.12.05)

Apple Application Support (Version: 2.3.2)

Apple Mobile Device Support (Version: 6.0.1.3)

Apple Software Update (Version: 2.1.3.127)

Auto Clicker by Shocker (Version: V3.0)

Banctec Service Agreement (Version: 2.0.0)

Blio (Version: 2.3.7140)

Bonjour (Version: 3.0.0.10)

CCleaner (Version: 3.25)

Complete Care Business Service Agreement (Version: 2.0.0)

Consumer In-Home Service Agreement (Version: 2.0.0)

Coupon Companion (Version: 1.24.151.151)

Cozi (Version: 1.0.6505.38692)

D3DX10 (Version: 15.4.2368.0902)

DAEMON Tools Lite (Version: 4.46.1.0327)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup - Support Software (Version: 9.4.60)

Dell DataSafe Local Backup (Version: 9.4.60)

Dell DataSafe Online (Version: 2.1.19634)

Dell Edoc Viewer (Version: 1.0.0)

Dell Getting Started Guide (Version: 1.00.0000)

Dell Home Systems Service Agreement (Version: 2.0.0)

Dell MusicStage (Version: 1.5.201.0)

Dell PhotoStage (Version: 1.5.0.65)

Dell Stage (Version: 1.5.420.0)

Dell Support Center (Version: 3.2.6032.102)

Dell Touchpad (Version: 7.1209.101.204)

Dell VideoStage (Version: 1.2.0.1712)

Dell Webcam Central (Version: 2.00.44)

Filzip 3.06 (Version: 3.0.6)

FINAL FANTASY XI (Version: 1.010.0)

FINAL FANTASY XI: Chains of Promathia (Version: 1.27.0)

FINAL FANTASY XI: Rise of the Zilart (Version: 1.18.0)

FINAL FANTASY XI: Treasures of Aht Urhgan (Version: 1.35.0)

FINAL FANTASY XI: Wings of the Goddess (Version: 1.42.0)

FINAL FANTASY XIV

FINAL FANTASY XIV (Version: 1.0.0000)

GameStop App (Version: 4.00)

Google Chrome (Version: 23.0.1271.95)

High-Definition Video Playback (Version: 7.3.10000.0.0)

InboxDollars

Intel PROSet Wireless

Intel® Control Center (Version: 1.2.1.1007)

Intel® Management Engine Components (Version: 7.0.0.1144)

Intel® Processor Graphics (Version: 8.15.10.2345)

Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.0.1.0489)

Intel® PROSet/Wireless WiFi Software (Version: 14.1.2000)

Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)

Intel® WiDi (Version: 2.1.38.0)

Intel® Wireless Display

iRip (Version: 1.2)

iTunes (Version: 11.0.0.163)

Java 7 Update 9 (Version: 7.0.90)

Java Auto Updater (Version: 2.1.9.0)

Junk Mail filter update (Version: 15.4.3502.0922)

Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)

Mesh Runtime (Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (Version: 14.0.4763.1000)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.10411.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

Might and Magic® VII

Minecraft 1.4.5

Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

Mumble 1.2.3 (Version: 1.2.3)

Need For Speed Hot Pursuit 2

Nero 10 Movie ThemePack Basic (Version: 10.2.10200.0.0)

Nero Control Center 10 (Version: 10.6.12500.0.5)

Nero ControlCenter 10 Help (CHM) (Version: 10.2.10800)

Nero Core Components 10 (Version: 2.0.20000.9.12)

Nero Update (Version: 11.0.10623.22.0)

Notepad++ (Version: 5.9.6)

NVIDIA 3D Vision Driver 285.62 (Version: 285.62)

NVIDIA Control Panel 285.62 (Version: 285.62)

NVIDIA Graphics Driver 285.62 (Version: 285.62)

NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)

NVIDIA Install Application (Version: 2.1002.46.235)

NVIDIA Optimus 1.5.20 (Version: 1.5.20)

NVIDIA PhysX (Version: 9.11.0621)

NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)

NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8562)

NVIDIA Update 1.5.20 (Version: 1.5.20)

NVIDIA Update Components (Version: 1.5.20)

Photo Crop Editor 2.02

PlayOnline Viewer & Tetra Master (Version: 1.18.00)

PlayReady PC Runtime x86 (Version: 1.3.0)

POLUtils

Premium Service Agreement (Version: 2.0.0)

QualxServ Service Agreement (Version: 2.0.0)

Quickset64 (Version: 11.0.15)

Realtek High Definition Audio Driver (Version: 6.0.1.6312)

Skype Toolbars (Version: 1.0.4051)

Skype™ 6.0 (Version: 6.0.126)

swMSM (Version: 12.0.0.1)

SyncUP (Version: 1.10.11100.8.106)

SyncUP (Version: 10.2.14900)

System Requirements Lab

TrustedID (Version: 5.0)

Ultimate Healer (Version: 2.0.3)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Ventrilo Client for Windows x64 (Version: 3.0.8.0)

VLC media player 1.1.11 (Version: 1.1.11)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3555.0308)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

WinZip 16.5 (Version: 16.5.10096)

XI-Util (Version: 0.5.4192.2421)

Zinio Reader 4 (Version: 4.2.4164)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 28%

Total physical RAM: 6038.17 MB

Available physical RAM: 4313.01 MB

Total Pagefile: 12074.53 MB

Available Pagefile: 10176.01 MB

Total Virtual: 4095.88 MB

Available Virtual: 3952 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:340.19 GB) NTFS

========================= Users: ========================================

User accounts for \\TIMOTHY_LEIS-PC

Administrator Guest Timothy_Leis

UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


After a 2 and a half hour scan... :

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Users\Timothy_Leis\Documents\Clipper - Copy.exe probably a variant of Win32/TrojanDownloader.Agent.COVLPIJ trojan cleaned by deleting - quarantined

C:\Users\Timothy_Leis\Documents\Clipper.exe probably a variant of Win32/TrojanDownloader.Agent.COVLPIJ trojan cleaned by deleting - quarantined

C:\Users\Timothy_Leis\Downloads\cbsidlm-tr1_8-Auto_Clicker_by_Shocker-BP2-75742161 (1).exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined

C:\Users\Timothy_Leis\Downloads\cbsidlm-tr1_8-Auto_Clicker_by_Shocker-BP2-75742161.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined

C:\Users\Timothy_Leis\Downloads\cbsidlm-tr1_8-MP3_Quality_Modifier-SEO2-10922166.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined

C:\Users\Timothy_Leis\Downloads\cbsidlm-tr1_8-Photo_Crop_Editor-SEO2-10536710 (1).exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined

C:\Users\Timothy_Leis\Downloads\cbsidlm-tr1_8-Photo_Crop_Editor-SEO2-10536710.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined

C:\Users\Timothy_Leis\Downloads\DTLite4461-0327.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\Timothy_Leis\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

C:\Users\Timothy_Leis\Downloads\SoftonicDownloader_for_directx.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\Timothy_Leis\Downloads\winzip160.exe Win32/OpenCandy application deleted - quarantined

C:\Users\Timothy_Leis\Downloads\{XIPATCH_07-23-12.7z}_downloader_411a.exe a variant of Win32/YourFileDownloader application cleaned by deleting - quarantined


  • Root Admin

The Dell DataSafe items were probably a false positive. You may need to check with Dell to reinstall or fix that.

A few of the downloads may or may not have been a false positive, but as they're downloads and not installed programs, the removal should not impact the use of the computer.

How is the computer running now? Are there still any signs of infection or redirection going on?

Thanks


  • Root Admin

Great,

Please download Security Check from one of the links below.

http://screen317.spywareinfoforum.org/SecurityCheck.exe

or

http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt

Please post the contents of that document back here


Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 7 Update 9

Adobe Flash Player 11.5.502.135

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox 8.0 Firefox out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


  • Root Admin

Please update your Adobe Reader. From within the program you should be able to check for updates.

Then either uninstall Firefox if you're not using it or update it to the latest version.

Please click on START and type in CMD.EXE; when it shows on the menu, right click and choose "Run as administrator".

Then type in the following and press the Enter key after each line.

Then post back the results please.

sc qc wscsvc

sc queryex wscsvc

Here is an example of a good value.

C:\>sc qc wscsvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START (DELAYED)
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\>sc queryex wscsvc

SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 476
FLAGS :

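An added PowerShell check that is not part of this thread and not one of the tools the staff asked for: it automates the comparison that the Security Check log ("Windows Security Center service is not running!", "UAC is disabled!") and the sc qc / sc queryex commands above are doing by hand. The expected values are taken from the "good value" output posted above; the service name, WMI class and registry paths are standard Windows ones, and the script assumes it is run from an elevated PowerShell prompt.

```powershell
# Added example: compare the Security Center service (wscsvc) and UAC against the
# known-good values from the thread. Run from an elevated PowerShell prompt.
$expected = @{
    Name         = 'wscsvc'
    StartMode    = 'Auto'       # sc qc:      START_TYPE 2 AUTO_START
    Delayed      = 1            # (DELAYED) -> DelayedAutoStart registry value = 1
    State        = 'Running'    # sc queryex: STATE 4 RUNNING
    PathName     = 'C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted'
    StartName    = 'NT AUTHORITY\LocalService'
    Dependencies = @('RpcSs', 'winmgmt')
}

function Test-SecurityCenterService {
    # Win32_Service exposes the same fields sc qc / sc queryex print.
    $svc = Get-CimInstance Win32_Service -Filter "Name='$($expected.Name)'"
    if (-not $svc) { return @('wscsvc: service is missing (deleted or renamed)') }
    $regKey  = "HKLM:\SYSTEM\CurrentControlSet\Services\$($expected.Name)"
    $delayed = (Get-ItemProperty $regKey -ErrorAction SilentlyContinue).DelayedAutoStart
    $findings = @()
    if ($svc.StartMode -ne $expected.StartMode) { $findings += "START_TYPE is $($svc.StartMode), expected AUTO_START" }
    if ($delayed -ne $expected.Delayed)         { $findings += "DelayedAutoStart is '$delayed', expected 1" }
    if ($svc.State -ne $expected.State)         { $findings += "STATE is $($svc.State), expected RUNNING" }
    # A changed binary path is the classic sign of a tampered or hijacked service entry.
    if ($svc.PathName -ne $expected.PathName)   { $findings += "BINARY_PATH_NAME is '$($svc.PathName)', expected svchost LocalServiceNetworkRestricted" }
    if ($svc.StartName -ne $expected.StartName) { $findings += "SERVICE_START_NAME is '$($svc.StartName)', expected NT AUTHORITY\LocalService" }
    $deps = @((Get-Service $expected.Name).ServicesDependedOn | ForEach-Object { $_.Name })
    foreach ($d in $expected.Dependencies) {
        if ($deps -notcontains $d) { $findings += "dependency on $d is missing" }
    }
    return $findings
}

function Test-UacEnabled {
    # UAC is controlled by EnableLUA under the system policies key; 1 = enabled.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty $key -ErrorAction SilentlyContinue).EnableLUA
    return ($lua -eq 1)
}

$issues = @(Test-SecurityCenterService)
if (-not (Test-UacEnabled)) { $issues += 'UAC is disabled (EnableLUA is not 1), as the Security Check log reported' }
if ($issues.Count -eq 0) { 'wscsvc and UAC match the expected good values' }
else { $issues | ForEach-Object { "WARNING: $_" } }
```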

Adobe showed there were no updates available, and here is the log.

C:\Windows\system32>sc qc wscsvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START (DELAYED)
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k LocalServiceNetw
orkRestricted
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\Windows\system32>sc queryex wscsvc

SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 372
FLAGS :


Just for easier viewing.



C:\Windows\system32>sc qc wscsvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START (DELAYED)
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k LocalServiceNetw
orkRestricted
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\Windows\system32>sc queryex wscsvc

SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 372
FLAGS :


  • Root Admin

Please go ahead then and uninstall Combofix from your system. Click on START and type in the following and hit the Enter key.

combofix.exe /uninstall

Then go ahead and delete any left over programs or log files used during this process and go ahead and read the information from the link below on how to help protect your computer from getting infected.

Best Practices for Safe Computing - Prevention of Malware Infection

I'll go ahead then and close your topic soon and wish you well and hope you have a Merry Christmas and Happy New Year.

Take care


This topic is now closed to further replies.