
i hope my computer is clean now from PUP.CROSSFIRE.SA



Hi, the other day I ran Malwarebytes and it found the pup.crossfire.sa twice... I ran a full scan afterwards and then today I ran Malwarebytes Chameleon... I didn't even know I had those on my computer, my browser just froze and wouldn't load some webpages...

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.15.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Barb :: MOM [administrator]

12/15/2012 11:32:26 PM

mbam-log-2012-12-15 (23-32-26).txt

Scan type: Full scan (C:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 373230

Time elapsed: 1 hour(s), 57 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.16.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Barb :: MOM [administrator]

12/16/2012 2:39:16 PM

mbam-log-2012-12-16 (14-39-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215798

Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Download and save DDS to your Desktop from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

Double-click DDS to run the scan; Vista or Windows 7 users should accept the UAC alert.

There will be an alert that two logs will be saved to the Desktop, DDS.txt and Attach.txt

Copy and paste those two logs to your reply when the scan is complete....


.DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by Barb at 21:35:14 on 2012-12-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2795.1514 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Users\Barb\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Users\Barb\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\Barb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Barb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Barb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Barb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Barb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110226211940.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Barb\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

StartupFolder: C:\Users\Barb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Barb\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: NameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{219C4F1B-1F92-4674-8B9E-7F4CE63B2BBA} : DHCPNameServer = 192.168.1.1 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://acer.msn.com

x64-mDefault_Page_URL = hxxp://acer.msn.com

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110226211939.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-2-26 607152]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-2-26 281544]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-2 22912]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-2 20328]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-2 62584]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-23 203776]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 354304]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-9 311376]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-2 868224]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-3 655944]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-26 190256]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2011-1-12 209760]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-2-26 156248]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-5 256536]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-2 243232]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-1-8 46136]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-12-23 115216]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-12-2 76912]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-26 24904]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-2-26 217696]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-8 38528]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-2-26 97960]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-2 246376]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-26 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-12-15 22:59:07 -------- d-----w- C:\Program Files\Enigma Software Group

2012-12-15 22:57:53 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP

2012-12-15 22:57:48 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-12-15 22:48:13 -------- d-----w- C:\Users\Barb\AppData\Roaming\DriverCure

2012-12-15 22:48:12 -------- d-----w- C:\Users\Barb\AppData\Roaming\SpeedyPC Software

2012-12-15 22:47:31 -------- d-----w- C:\ProgramData\SpeedyPC Software

2012-12-14 20:53:39 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-12-14 20:53:39 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-12-14 20:53:39 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-12-14 20:53:39 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-12-14 20:28:30 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-12-14 20:28:30 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-12-14 20:28:28 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-12-14 20:28:28 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-12-14 20:28:26 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-12-14 20:28:26 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-12-14 20:28:26 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-12-14 20:16:17 -------- d-----w- C:\Users\Barb\AppData\Local\RockMelt

2012-12-14 20:11:07 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-12-14 20:11:06 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-12-14 20:11:06 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-12-14 20:11:06 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-12-14 20:10:30 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-12-14 20:10:30 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-12-14 20:10:30 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-12-14 20:10:29 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-12-14 20:10:29 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-12-14 20:10:28 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-12-14 20:10:28 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-12-14 20:10:27 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll

2012-12-14 20:10:26 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-12-14 20:10:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-12-14 20:10:25 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-12-14 20:10:24 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-12-14 20:06:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-14 20:06:45 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-14 20:05:01 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-12-14 19:59:22 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-12-14 19:59:21 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-12-14 19:56:58 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-12-14 19:51:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll

2012-12-14 19:51:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll

2012-12-14 19:51:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll

2012-12-14 19:50:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll

2012-12-14 19:50:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll

2012-12-14 19:50:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll

2012-12-14 19:50:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll

2012-12-14 19:50:40 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-12-14 19:50:38 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-12-14 18:55:49 -------- d-----w- C:\Program Files (x86)\Zen Deals

2012-12-14 18:55:00 -------- d-----w- C:\ProgramData\Sendori

2012-12-14 18:54:58 -------- d-----w- C:\Program Files (x86)\Sendori

2012-12-14 16:22:49 -------- d-----w- C:\Program Files (x86)\SaveValet

2012-12-14 16:21:28 -------- d-----w- C:\Program Files (x86)\Perion

.

==================== Find3M ====================

.

2012-12-14 20:33:11 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-14 20:33:10 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-09-25 03:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

.

============= FINISH: 21:36:33.95 ===============

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2/10/2011 7:58:52 PM

System Uptime: 12/16/2012 11:42:18 AM (10 hours ago)

.

Motherboard: Acer | | Aspire 5253

Processor: AMD C-50 Processor | Socket FT1 | 800/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 167.833 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP212: 11/23/2012 2:02:09 PM - Scheduled Checkpoint

RP213: 11/28/2012 12:39:06 PM - Windows Update

RP214: 12/6/2012 11:50:27 AM - Scheduled Checkpoint

RP215: 12/13/2012 1:20:31 AM - Windows Update

RP216: 12/14/2012 3:05:13 PM - Restore Operation

RP217: 12/14/2012 3:26:58 PM - Windows Update

RP218: 12/15/2012 5:58:06 PM - Installed SpyHunter

RP219: 12/15/2012 7:25:13 PM - Removed SpyHunter

.

==== Installed Programs ======================

.

18 Wheels of Steel - American Long Haul

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2 MUI

Adobe Shockwave Player 11.5

Agatha Christie - Death on the Nile

AMD Fuel

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

ATI Catalyst Install Manager

Backup Manager V3

Bejeweled 2 Deluxe

Blackhawk Striker 2

Bonjour

Build-a-lot 2

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Mobile

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCleaner

Chuzzle Deluxe

Conexant HD Audio

D3DX10

Diner Dash 2 Restaurant Rescue

Dora's Carnival Adventure

Dropbox

FATE

ffdshow [rev 2527] [2008-12-19]

Google Chrome

Google Translator

Habi Makeover Basic

Identity Card

Java 7 Update 9

Java Auto Updater

Jewel Quest - Heritage

Jewel Quest Solitaire 2

John Deere Drive Green

Junk Mail filter update

Launch Manager

LG Verizon United Drivers

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Agent

McAfee Security Scan Plus

McAfee VirusScan Enterprise

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MyWinLocker

MyWinLocker 4

MyWinLocker Suite

Norton Online Backup

NTI Media Maker 9

OpenOffice.org 3.3

Opera 12.02

Opera 12.11

Penguins!

Plants vs. Zombies

Polar Bowler

Polar Golfer

QuickTime

Realtek USB 2.0 Card Reader

Rhapsody

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Shredder

Skype™ 5.10

SuperPoke! Pets Lite

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Verizon V CAST Media Manager

Virtual Villagers 4 - The Tree of Life

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WMV9/VC-1 Video Playback

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

12/16/2012 11:12:03 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

12/15/2012 5:12:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GREGService service.

12/14/2012 3:02:07 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.

12/14/2012 11:22:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.

12/14/2012 11:22:45 AM, Error: Service Control Manager [7000] - The Service Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/14/2012 1:55:44 PM, Error: Service Control Manager [7034] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s).

12/14/2012 1:55:44 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1200000 milliseconds: Restart the service.

12/12/2012 5:31:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

12/12/2012 5:31:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

12/11/2012 5:54:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.

.

==== End Of File ===========================


Run the following and post the produced logs:

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Next,

Download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save it directly to your Desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • 1. Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • 2. Ensure MBR scan, Check faked and AntiRootkit are checked
  • 3. Select Scan
  • When the scan completes select Report, copy and paste that to your reply.

Kevin..


# AdwCleaner v2.101 - Logfile created 12/17/2012 at 10:01:21

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Barb - MOM

# Boot Mode : Normal

# Running from : C:\Users\Barb\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Perion

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Users\Barb\AppData\Local\Ilivid Player

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.11.1661.0

File : C:\Users\Barb\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [1184 octets] - [17/12/2012 10:01:21]

########## EOF - C:\AdwCleaner[s1].txt - [1244 octets] ##########


RogueKiller V8.4.0 [Dec 15 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Barb [Admin rights]

Mode : Scan -- Date : 12/17/2012 10:11:38

¤¤¤ Bad processes : 2 ¤¤¤

[sUSP PATH] GoogleCrashHandler.exe -- C:\Users\Barb\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc]

[sUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Barb\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : BYR_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2565GSX ATA Device +++++

--- User ---

[MBR] edc765c210dcd98fa6db752bbd5d4a5e

[bSP] 1a6763468924abfc5e664683737b0142 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 223013 Mo

User = LL1 ... OK!

User = LL2 ... OK!


RogueKiller V8.4.0 [Dec 15 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Barb [Admin rights]

Mode : Remove -- Date : 12/17/2012 11:47:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : BYR_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> DELETED

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2565GSX ATA Device +++++

--- User ---

[MBR] edc765c210dcd98fa6db752bbd5d4a5e

[bSP] 1a6763468924abfc5e664683737b0142 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 223013 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_12172012_02d1147.txt >>

RKreport[1]_S_12172012_02d1011.txt ; RKreport[2]_S_12172012_02d1147.txt ; RKreport[3]_D_12172012_02d1147.txt


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by Barb at 17:51:19 on 2012-12-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2795.1770 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Users\Barb\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Users\Barb\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Users\Barb\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110226211940.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Barb\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

StartupFolder: C:\Users\Barb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Barb\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: NameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{219C4F1B-1F92-4674-8B9E-7F4CE63B2BBA} : DHCPNameServer = 192.168.1.1 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://acer.msn.com

x64-mDefault_Page_URL = hxxp://acer.msn.com

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110226211939.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-2-26 607152]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-2-26 281544]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-2 22912]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-2 20328]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-2 62584]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-1-8 46136]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-12-23 115216]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-12-2 76912]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-26 24904]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-2-26 217696]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-2-26 97960]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-2 246376]

.

=============== Created Last 30 ================

.

2012-12-17 15:04:28 -------- d-----w- C:\ProgramData\boost_interprocess

2012-12-15 22:59:07 -------- d-----w- C:\Program Files\Enigma Software Group

2012-12-15 22:57:53 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP

2012-12-15 22:57:48 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-12-15 22:48:13 -------- d-----w- C:\Users\Barb\AppData\Roaming\DriverCure

2012-12-15 22:48:12 -------- d-----w- C:\Users\Barb\AppData\Roaming\SpeedyPC Software

2012-12-15 22:47:31 -------- d-----w- C:\ProgramData\SpeedyPC Software

2012-12-14 20:53:39 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-12-14 20:53:39 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-12-14 20:53:39 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-12-14 20:53:39 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-12-14 20:28:30 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-12-14 20:28:30 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-12-14 20:28:28 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-12-14 20:28:28 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-12-14 20:28:26 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-12-14 20:28:26 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-12-14 20:28:26 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-12-14 20:16:17 -------- d-----w- C:\Users\Barb\AppData\Local\RockMelt

2012-12-14 20:11:07 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-12-14 20:11:06 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-12-14 20:11:06 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-12-14 20:11:06 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-12-14 20:10:30 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-12-14 20:10:30 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-12-14 20:10:30 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-12-14 20:10:29 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-12-14 20:10:29 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-12-14 20:10:28 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-12-14 20:10:28 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-12-14 20:10:27 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll

2012-12-14 20:10:26 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-12-14 20:10:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-12-14 20:10:25 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-12-14 20:10:24 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-12-14 20:06:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-14 20:06:45 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-14 20:05:01 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-12-14 19:59:22 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-12-14 19:59:21 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-12-14 19:56:58 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-12-14 19:51:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll

2012-12-14 19:51:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll

2012-12-14 19:51:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll

2012-12-14 19:50:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll

2012-12-14 19:50:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll

2012-12-14 19:50:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll

2012-12-14 19:50:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll

2012-12-14 19:50:40 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-12-14 19:50:38 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-12-14 18:55:49 -------- d-----w- C:\Program Files (x86)\Zen Deals

2012-12-14 18:55:00 -------- d-----w- C:\ProgramData\Sendori

2012-12-14 18:54:58 -------- d-----w- C:\Program Files (x86)\Sendori

2012-12-14 16:22:49 -------- d-----w- C:\Program Files (x86)\SaveValet

.

==================== Find3M ====================

.

2012-12-14 20:33:11 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-14 20:33:10 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-09-25 03:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

.

============= FINISH: 17:52:31.67 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2/10/2011 7:58:52 PM

System Uptime: 12/17/2012 5:33:31 PM (0 hours ago)

.

Motherboard: Acer | | Aspire 5253

Processor: AMD C-50 Processor | Socket FT1 | 1000/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 167.932 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP212: 11/23/2012 2:02:09 PM - Scheduled Checkpoint

RP213: 11/28/2012 12:39:06 PM - Windows Update

RP214: 12/6/2012 11:50:27 AM - Scheduled Checkpoint

RP215: 12/13/2012 1:20:31 AM - Windows Update

RP216: 12/14/2012 3:05:13 PM - Restore Operation

RP217: 12/14/2012 3:26:58 PM - Windows Update

RP218: 12/15/2012 5:58:06 PM - Installed SpyHunter

RP219: 12/15/2012 7:25:13 PM - Removed SpyHunter

.

==== Installed Programs ======================

.

18 Wheels of Steel - American Long Haul

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2 MUI

Adobe Shockwave Player 11.5

Agatha Christie - Death on the Nile

AMD Fuel

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

ATI Catalyst Install Manager

Backup Manager V3

Bejeweled 2 Deluxe

Blackhawk Striker 2

Bonjour

Build-a-lot 2

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Mobile

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCleaner

Chuzzle Deluxe

Conexant HD Audio

D3DX10

Diner Dash 2 Restaurant Rescue

Dora's Carnival Adventure

Dropbox

FATE

ffdshow [rev 2527] [2008-12-19]

Google Chrome

Google Translator

Habi Makeover Basic

Identity Card

Java 7 Update 9

Java Auto Updater

Jewel Quest - Heritage

Jewel Quest Solitaire 2

John Deere Drive Green

Junk Mail filter update

Launch Manager

LG Verizon United Drivers

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Agent

McAfee Security Scan Plus

McAfee VirusScan Enterprise

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MyWinLocker

MyWinLocker 4

MyWinLocker Suite

Norton Online Backup

NTI Media Maker 9

OpenOffice.org 3.3

Opera 12.02

Opera 12.11

Penguins!

Plants vs. Zombies

Polar Bowler

Polar Golfer

QuickTime

Realtek USB 2.0 Card Reader

Rhapsody

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Shredder

Skype™ 5.10

SuperPoke! Pets Lite

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Verizon V CAST Media Manager

Virtual Villagers 4 - The Tree of Life

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WMV9/VC-1 Video Playback

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

12/17/2012 5:34:01 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

12/17/2012 12:48:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

12/17/2012 12:48:20 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/17/2012 12:48:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/17/2012 12:48:00 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

12/17/2012 12:48:00 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

12/15/2012 5:12:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GREGService service.

12/14/2012 3:02:07 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.

12/14/2012 11:22:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.

12/14/2012 11:22:45 AM, Error: Service Control Manager [7000] - The Service Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/14/2012 1:55:44 PM, Error: Service Control Manager [7034] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s).

12/14/2012 1:55:44 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1200000 milliseconds: Restart the service.

.

==== End Of File ===========================


Those shortcuts on Desktop are harmless, if you do not want them just delete them...

The DDS logs look good, do not see any obvious issues. How is your system responding....

Run Malwarebytes, check for updates and do a quick scan. Post that scan and let me know if you have any remaining issues or concerns....


my system is responding great, better than it ever has, thank you for all your help

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.16.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Barb :: MOM [administrator]

12/17/2012 6:44:19 PM

mbam-log-2012-12-17 (18-44-19).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215526

Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


OK, do the following:

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

Next,

Delete the following from the Desktop if present:

DDS and any created logs

RogueKiller and its Folder RK_Quarantine

Next,

Download TFC to your desktop, from either of the following links

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe

  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to run weekly to keep your system optimized. It empties all user temp folders, Java cache, etc. Always remember to re-boot after a run, even if not prompted.

Next,

Create a new restore point:

1. Right-click on Computer and go to Properties.

2. Next click on the System Protection link.

3. The System Properties dialog screen opens up and you will want to click on Create.

4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.

5. You should see the message "The restore point was created successfully"

To remove all but the most recent restore point do the following:

1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

2. If prompted, select the drive that you want to clean up, and then click OK.

3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

4. If prompted, select the drive that you want to clean up, and then click OK.

5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

6. In the Disk Cleanup dialog box, click Delete.

7. Click Delete Files, and then click OK. Re-Boot your PC.

Let me know if those steps complete OK. If there are no remaining issues or concerns, is it OK to close your thread?

Kevin


i forgot to check for updates on malwarebytes, here is the new report...thank you again

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.17.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Barb :: MOM [administrator]

12/17/2012 9:01:15 PM

mbam-log-2012-12-17 (21-01-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215801

Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

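The helper asked for an updated quick scan, and the first log posted on 12/17 was run against the previous day's database. The following Python script is an added example (not part of the thread and not a Malwarebytes tool) that parses the log layout shown above, flags definitions older than the scan date, and checks that every detection category is present and zero. The function names, the zero-day age threshold and the `make_log` helper are assumptions; the sample logs are constructed from the database versions and timestamps in the two posted logs.

```python
import re
from datetime import datetime

DB_RE = re.compile(r"^Database version: v(\d{4})\.(\d{2})\.(\d{2})\.\d+$")
STAMP_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")
COUNT_RE = re.compile(r"^(.+) Detected: (\d+)$")
CATEGORIES = ("Memory Processes", "Memory Modules", "Registry Keys", "Registry Values",
              "Registry Data Items", "Folders", "Files")


def parse_mbam_log(text):
    """Pull the definitions date, scan time and per-category counts from a log."""
    info = {"db_date": None, "scanned_at": None, "detections": {}}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := DB_RE.match(line):
            info["db_date"] = datetime(*map(int, m.groups())).date()
        elif STAMP_RE.match(line):
            info["scanned_at"] = datetime.strptime(line, "%m/%d/%Y %I:%M:%S %p")
        elif m := COUNT_RE.match(line):
            info["detections"][m.group(1)] = int(m.group(2))
    return info


def review(text, max_db_age_days=0):
    """Return findings; an empty list means the log supports calling the scan clean."""
    info = parse_mbam_log(text)
    if info["db_date"] is None or info["scanned_at"] is None:
        return ["header incomplete: cannot judge definitions age"]
    findings = []
    age = (info["scanned_at"].date() - info["db_date"]).days
    if age > max_db_age_days:  # threshold is an assumption, tune to taste
        findings.append(f"definitions are {age} day(s) older than the scan")
    for name in CATEGORIES:
        count = info["detections"].get(name)
        if count is None:
            findings.append(f"{name}: section missing (truncated log?)")
        elif count:
            findings.append(f"{name}: {count} item(s) detected")
    return findings


def make_log(db_version, stamp, counts=None):
    """Build a constructed sample log in the layout posted in the thread."""
    counts = counts or {}
    body = "\n\n".join(f"{c} Detected: {counts.get(c, 0)}" for c in CATEGORIES)
    return f"Database version: {db_version}\n\n{stamp}\n\nScan type: Quick scan\n\n{body}\n\n(end)\n"


STALE = make_log("v2012.12.16.09", "12/17/2012 6:44:19 PM")  # first 12/17 log's values
FRESH = make_log("v2012.12.17.10", "12/17/2012 9:01:15 PM")  # re-run after updating
```

`review(STALE)` reports the one-day-old definitions, while `review(FRESH)` returns an empty list.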

Good to hear that all is OK now. Here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times; NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained here http://www.winpatrol.com/features.html

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

FireFox http://www.mozilla.com/en-US/,

Opera http://www.opera.com/, and

Chrome http://www.google.com/chrome.

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

  • Green to go,
  • Yellow for caution, and
  • Red to stop.

Available for Firefox and Internet Explorer.

NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for Firefox only.

These are just a couple of the most popular add-ons; if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

Here are a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally, this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive, up-to-date list of free security programs. It includes antivirus, antispyware, firewall, antimalware, online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

Will leave the thread for 24 hours then close out, take care,

Kevin


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.