
Outgoing IP Block



2013/01/08 02:57:04 -0600 OWNER-PC Owner MESSAGE Executing scheduled update: Hourly

2013/01/08 02:57:11 -0600 OWNER-PC Owner MESSAGE Scheduled update executed successfully: database updated from version v2013.01.07.09 to version v2013.01.08.02

2013/01/08 02:57:11 -0600 OWNER-PC Owner MESSAGE Starting database refresh

2013/01/08 02:57:11 -0600 OWNER-PC Owner MESSAGE Stopping IP protection

2013/01/08 02:57:12 -0600 OWNER-PC Owner MESSAGE IP Protection stopped successfully

2013/01/08 02:57:26 -0600 OWNER-PC Owner MESSAGE Database refreshed successfully

2013/01/08 02:57:26 -0600 OWNER-PC Owner MESSAGE Starting IP protection

2013/01/08 02:57:27 -0600 OWNER-PC Owner MESSAGE IP Protection started successfully

2013/01/08 03:10:01 -0600 OWNER-PC Owner IP-BLOCK 58.241.162.110 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 03:10:01 -0600 OWNER-PC Owner IP-BLOCK 58.241.162.110 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 03:10:09 -0600 OWNER-PC Owner IP-BLOCK 58.241.162.110 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 03:10:09 -0600 OWNER-PC Owner IP-BLOCK 58.241.162.110 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 03:13:08 -0600 OWNER-PC Owner IP-BLOCK 222.64.197.147 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 03:13:16 -0600 OWNER-PC Owner IP-BLOCK 222.64.197.147 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 03:13:16 -0600 OWNER-PC Owner IP-BLOCK 222.64.197.147 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 03:13:16 -0600 OWNER-PC Owner IP-BLOCK 222.64.197.147 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 04:31:32 -0600 OWNER-PC Owner MESSAGE Starting protection

2013/01/08 04:31:32 -0600 OWNER-PC Owner MESSAGE Protection started successfully

2013/01/08 04:31:32 -0600 OWNER-PC Owner MESSAGE Starting IP protection

2013/01/08 04:31:33 -0600 OWNER-PC Owner MESSAGE IP Protection started successfully

2013/01/08 05:00:00 -0600 OWNER-PC Owner MESSAGE Executing scheduled scan: Quick Scan | Daily | -remove | -terminate | -log

2013/01/08 05:00:00 -0600 OWNER-PC Owner MESSAGE Scheduled scan executed successfully

2013/01/08 13:53:26 -0600 OWNER-PC Owner IP-BLOCK 222.69.213.115 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 13:53:26 -0600 OWNER-PC Owner IP-BLOCK 222.69.213.115 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 13:53:26 -0600 OWNER-PC Owner IP-BLOCK 222.69.213.115 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 13:53:35 -0600 OWNER-PC Owner IP-BLOCK 222.69.213.115 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 13:53:35 -0600 OWNER-PC Owner IP-BLOCK 222.69.213.115 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 13:53:35 -0600 OWNER-PC Owner IP-BLOCK 222.69.213.115 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 14:42:44 -0600 OWNER-PC Owner IP-BLOCK 80.82.65.247 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 14:42:52 -0600 OWNER-PC Owner IP-BLOCK 80.82.65.247 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 14:42:52 -0600 OWNER-PC Owner IP-BLOCK 80.82.65.247 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 14:45:00 -0600 OWNER-PC Owner MESSAGE Executing scheduled update: Hourly

2013/01/08 14:45:10 -0600 OWNER-PC Owner MESSAGE Scheduled update executed successfully: database updated from version v2013.01.08.02 to version v2013.01.08.12

2013/01/08 14:45:10 -0600 OWNER-PC Owner MESSAGE Starting database refresh

2013/01/08 14:45:10 -0600 OWNER-PC Owner MESSAGE Stopping IP protection

2013/01/08 14:45:11 -0600 OWNER-PC Owner MESSAGE IP Protection stopped successfully

2013/01/08 14:45:13 -0600 OWNER-PC Owner MESSAGE Database refreshed successfully

2013/01/08 14:45:13 -0600 OWNER-PC Owner MESSAGE Starting IP protection

2013/01/08 14:45:14 -0600 OWNER-PC Owner MESSAGE IP Protection started successfully

2013/01/08 16:04:35 -0600 OWNER-PC Owner MESSAGE Executing scheduled update: Hourly

2013/01/08 16:04:36 -0600 OWNER-PC Owner MESSAGE Database already up-to-date

2013/01/08 17:10:45 -0600 OWNER-PC Owner MESSAGE Executing scheduled update: Hourly

2013/01/08 17:10:52 -0600 OWNER-PC Owner MESSAGE Scheduled update executed successfully: database updated from version v2013.01.08.12 to version v2013.01.08.13

2013/01/08 17:10:52 -0600 OWNER-PC Owner MESSAGE Starting database refresh

2013/01/08 17:10:52 -0600 OWNER-PC Owner MESSAGE Stopping IP protection

2013/01/08 17:10:52 -0600 OWNER-PC Owner MESSAGE IP Protection stopped successfully

2013/01/08 17:11:11 -0600 OWNER-PC Owner MESSAGE Database refreshed successfully

2013/01/08 17:11:11 -0600 OWNER-PC Owner MESSAGE Starting IP protection

2013/01/08 17:11:12 -0600 OWNER-PC Owner MESSAGE IP Protection started successfully

2013/01/08 17:46:46 -0600 OWNER-PC Owner MESSAGE Executing scheduled update: Hourly

2013/01/08 17:46:47 -0600 OWNER-PC Owner MESSAGE Database already up-to-date

2013/01/08 17:58:39 -0600 OWNER-PC Owner IP-BLOCK 222.69.214.28 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 17:58:39 -0600 OWNER-PC Owner IP-BLOCK 222.69.214.28 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 17:58:39 -0600 OWNER-PC Owner IP-BLOCK 222.69.214.28 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 17:58:47 -0600 OWNER-PC Owner IP-BLOCK 222.69.214.28 (Type: outgoing, Port: 58389, Process: svchost.exe)

2013/01/08 18:19:44 -0600 OWNER-PC Owner MESSAGE Starting protection

2013/01/08 18:19:44 -0600 OWNER-PC Owner MESSAGE Protection started successfully

2013/01/08 18:19:44 -0600 OWNER-PC Owner MESSAGE Starting IP protection

2013/01/08 18:19:46 -0600 OWNER-PC Owner MESSAGE IP Protection started successfully

attach.txt

dds.txt

protection-log-2013-01-05.txt


Hello ldmtulsa and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


I have not requested anything like this:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Post the contents of JRT.txt into your next message.
Please post the two logs produced.
In your next reply, post the following log files:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.294000 GHz

Memory total: 4198785024, free: 2587250688

------------ Kernel report ------------

01/09/2013 08:20:43

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\aswSnx.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\Drivers\aswTdi.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\Drivers\aswrdr2.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\System32\Drivers\aswSP.SYS

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\athrx.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\btath_bus.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\btfilter.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\CtClsFlt.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\DRIVERS\btath_rcp.sys

\SystemRoot\system32\drivers\btath_a2dp.sys

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\btath_hcrp.sys

\SystemRoot\system32\DRIVERS\btath_flt.sys

\??\C:\windows\system32\drivers\aswMonFlt.sys

\SystemRoot\system32\DRIVERS\btath_lwflt.sys

\??\C:\windows\system32\drivers\mbam.sys

\SystemRoot\System32\Drivers\aswFsBlk.SYS

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\psi_mf.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\WSDPrint.sys

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\WINDOWS\System32\ntdll.dll

\WINDOWS\System32\smss.exe

\WINDOWS\System32\apisetschema.dll

\WINDOWS\System32\autochk.exe

\WINDOWS\System32\comdlg32.dll

\WINDOWS\System32\clbcatq.dll

\WINDOWS\System32\oleaut32.dll

\WINDOWS\System32\ole32.dll

\WINDOWS\System32\sechost.dll

\WINDOWS\System32\nsi.dll

\WINDOWS\System32\msctf.dll

\WINDOWS\System32\usp10.dll

\WINDOWS\System32\imm32.dll

\WINDOWS\System32\user32.dll

\WINDOWS\System32\ws2_32.dll

\WINDOWS\System32\shell32.dll

\WINDOWS\System32\kernel32.dll

\WINDOWS\System32\msvcrt.dll

\WINDOWS\System32\Wldap32.dll

\WINDOWS\System32\lpk.dll

\WINDOWS\System32\advapi32.dll

\WINDOWS\System32\imagehlp.dll

\WINDOWS\System32\rpcrt4.dll

\WINDOWS\System32\shlwapi.dll

\WINDOWS\System32\setupapi.dll

\WINDOWS\System32\gdi32.dll

\WINDOWS\System32\psapi.dll

\WINDOWS\System32\urlmon.dll

\WINDOWS\System32\iertutil.dll

\WINDOWS\System32\wininet.dll

\WINDOWS\System32\normaliz.dll

\WINDOWS\System32\difxapi.dll

\WINDOWS\System32\wintrust.dll

\WINDOWS\System32\KernelBase.dll

\WINDOWS\System32\devobj.dll

\WINDOWS\System32\crypt32.dll

\WINDOWS\System32\cfgmgr32.dll

\WINDOWS\System32\comctl32.dll

\WINDOWS\System32\msasn1.dll

\WINDOWS\SysWOW64\normaliz.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8005fe0060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80040b6050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2013.01.09.07

Downloaded database version: v2013.01.04.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8005fe0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005fe0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005fe0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80036ed040, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80040b6050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xfffff8a00c15b440, 0xfffffa8005fe0060, 0xfffffa800399a090

Lower DeviceData: 0xfffff8a009e57d70, 0xfffffa80040b6050, 0xfffffa8003c985f0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: C6AB1EE9

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 16065 Numsec = 192780

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 208896 Numsec = 30717952

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 30926848 Numsec = 945844272

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-16064-976753168-976773168)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2013.01.09.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

1/9/2013 8:32:03 AM

mbar-log-2013-01-09 (08-32-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 43550

Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.2 (01.08.2013:1)

OS: Windows 7 Home Premium x64

Ran by Owner on Wed 01/09/2013 at 8:39:14.97

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup

Successfully deleted: [Registry Key] hkey_current_user\software\softonic

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"

~~~ FireFox

Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\oppb01s3.default\user.js

Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\oppb01s3.default\prefs.js

user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

user_pref("browser.search.order.1", "Search the web (Babylon)");

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110141");

user_pref("extensions.BabylonToolbar_i.hardId", "aca8a8d8000000000000001c239a71a6");

user_pref("extensions.BabylonToolbar_i.id", "aca8a8d8000000000000001c239a71a6");

user_pref("extensions.BabylonToolbar_i.instlDay", "15389");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?AF=110141&babsrc=NT_ss&mntrId=aca8a8d8000000000000001c239a71a6");

user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:02:16");

user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

user_pref("extensions.personas.lastselected3", "{\"id\":\"17926\",\"name\":\"Live With Music\",\"accentcolor\":\"#ffae00\",\"textcolor\":\"#000000\",\"header\":\"http://getper

user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

user_pref("extensions.wrc.SearchRules.baidu.com.url", "^http\\:\\/\\/www\\.baidu\\.com\\/.*");

user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") righ

user_pref("extensions.wrc.SearchRules.excite.com.url", "^http\\:\\/\\/msxml\\.excite\\.com\\/search\\/.*");

user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelatedtopics,YontooNewOffers");

user_pref("extentions.y2layers.installId", "e804b7d0-8594-46e4-9952-008fb7051961");

user_pref("keyword.URL", "http://search.babylon.com/?AF=110141&babsrc=adbartrp&mntrId=aca8a8d8000000000000001c239a71a6&q=");

user_pref("samfind.social.notused", "100zakladok,2linkme,2tag,7live7,a1webmarks,addio,adifni,aero,allmyfaves,allvoices,aollifestream,aolmail,arto,attentionmeter,aviary,baang,b

Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\oppb01s3.default\minidumps [30 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 01/09/2013 at 8:49:31.65

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2

Run by Owner at 8:55:03 on 2013-01-09

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.1869 [GMT -6:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\system32\Dwm.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\windows\system32\taskhost.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe

C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\ScreenPrint32 v3\ScreenPrint32.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\windows\SysWOW64\ctfmon.exe

C:\windows\explorer.exe

C:\windows\SysWOW64\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll

uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [screenPrint32] C:\Program Files (x86)\ScreenPrint32 v3\ScreenPrint32.exe -startup

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [Z1] C:\Users\Owner\Desktop\MBAR rootkit\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\libcard.ahk

StartupFolder: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paula.ahk

StartupFolder: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pw.ahk

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: LastPass - C:\Users\Owner\AppData\LocalLow\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - C:\Users\Owner\AppData\LocalLow\LastPass\context.html?cmd=fillforms

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{A3406AAC-684E-4B1C-ABAF-83490EBEAE26} : DHCPNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oppb01s3.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox|http://www.nbcnews.com/|http://drudgereport.com/|http://www.foxnews.com/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-12-11 19:23; support@lastpass.com; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oppb01s3.default\extensions\support@lastpass.com

FF - ExtSQL: 2012-12-18 08:19; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oppb01s3.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

FF - ExtSQL: 2012-12-27 10:04; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-3-28 55856]

R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-12-27 984144]

R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-12-27 370288]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-28 89600]

R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-12-27 25232]

R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-12-27 71600]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-5-20 146592]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-5-20 80032]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-27 44808]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-9 173568]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-28 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-21 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-21 682344]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-28 1692480]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-28 2656280]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-5-20 36000]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-5-20 298656]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-5-20 29344]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-5-20 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-5-20 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-5-20 154272]

R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-5-20 282272]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-3-28 176096]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-3-28 317440]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-21 24176]

R3 PSI;PSI;C:\windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-19 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-3-28 250984]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-12-19 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-12-19 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-19 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-01-09 14:39:10 -------- d-----w- C:\windows\ERUNT

2013-01-09 14:38:45 -------- d-----w- C:\JRT

2013-01-09 09:10:41 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F49D9E94-FF60-42F2-B6F4-9F60F33D00BE}\offreg.dll

2013-01-09 03:55:15 750592 ----a-w- C:\windows\System32\win32spl.dll

2013-01-09 03:55:15 492032 ----a-w- C:\windows\SysWow64\win32spl.dll

2013-01-09 03:55:02 2002432 ----a-w- C:\windows\System32\msxml6.dll

2013-01-09 03:55:02 1882624 ----a-w- C:\windows\System32\msxml3.dll

2013-01-09 03:55:01 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll

2013-01-09 03:55:01 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2013-01-09 03:55:00 800768 ----a-w- C:\windows\System32\usp10.dll

2013-01-09 03:55:00 307200 ----a-w- C:\windows\System32\ncrypt.dll

2013-01-09 03:55:00 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll

2013-01-09 03:53:48 68608 ----a-w- C:\windows\System32\taskhost.exe

2013-01-09 03:53:47 3149824 ----a-w- C:\windows\System32\win32k.sys

2013-01-08 12:35:34 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys

2013-01-08 12:35:11 -------- d-----w- C:\Program Files\iPod

2013-01-08 12:35:10 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-01-08 12:35:10 -------- d-----w- C:\Program Files\iTunes

2013-01-08 12:35:10 -------- d-----w- C:\Program Files (x86)\iTunes

2013-01-08 09:38:56 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F49D9E94-FF60-42F2-B6F4-9F60F33D00BE}\mpengine.dll

2013-01-05 00:06:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\IDT

2013-01-04 21:36:59 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics

2013-01-02 00:01:55 -------- d-----w- C:\Program Files (x86)\ScreenPrint32 v3

2013-01-02 00:01:30 249856 ------w- C:\windows\Setup1.exe

2013-01-02 00:01:29 73216 ----a-w- C:\windows\ST6UNST.EXE

2012-12-30 14:57:44 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

2012-12-30 14:57:39 -------- d-----w- C:\Program Files (x86)\LastPass

2012-12-30 13:56:45 -------- d-----w- C:\Users\Owner\AppData\Local\Programs

2012-12-28 19:02:51 -------- d-----w- C:\Users\Owner\AppData\Local\{CAA83A7F-2267-4AA7-A0DC-CF3EB57BC77E}

2012-12-28 06:54:59 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-12-27 16:04:00 984144 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2012-12-27 16:04:00 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2012-12-27 16:03:59 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2012-12-27 16:03:46 41224 ----a-w- C:\windows\avastSS.scr

2012-12-27 16:03:34 -------- d-----w- C:\ProgramData\AVAST Software

2012-12-27 16:03:34 -------- d-----w- C:\Program Files\AVAST Software

2012-12-25 01:17:53 -------- d-----w- C:\Users\Owner\AppData\Roaming\Roxio Log Files

2012-12-24 15:48:04 -------- d-----w- C:\Users\Owner\SyncUP

2012-12-24 15:43:43 -------- d-----w- C:\Users\Owner\AppData\Local\Nero_AG

2012-12-24 15:43:40 -------- d-----w- C:\Users\Owner\AppData\Local\Nero

2012-12-23 12:40:36 -------- d-----w- C:\Users\Owner\AppData\Local\Microsoft Help

2012-12-21 14:09:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes

2012-12-21 14:09:20 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-21 14:09:19 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-12-21 14:09:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-21 12:21:07 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-21 12:21:07 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-21 12:21:06 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-21 12:21:06 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-20 20:20:36 -------- d-----w- C:\Users\Owner\AppData\Local\Adobe

2012-12-20 17:12:00 -------- d-----w- C:\ProgramData\PC-Doctor for Windows

2012-12-20 17:08:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\PCDr

2012-12-20 13:49:31 -------- d-----w- C:\Users\Owner\AppData\Local\Google

2012-12-20 12:54:56 -------- d-----w- C:\ProgramData\PCDr

2012-12-19 23:00:15 -------- d-----w- C:\ProgramData\VirtualizedApplications

2012-12-19 22:23:55 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia

2012-12-19 21:50:56 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer

2012-12-19 21:45:54 -------- d-----w- C:\Users\Owner\AppData\Local\Apple

2012-12-19 21:45:47 -------- d-----w- C:\Program Files\Bonjour

2012-12-19 21:45:47 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-12-19 20:59:31 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-12-19 20:55:45 697272 ------w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-12-19 20:54:40 1034216 ----a-w- C:\windows\System32\npDeployJava1.dll

2012-12-19 20:54:36 108008 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll

2012-12-19 20:47:36 -------- d-----w- C:\Users\Owner\AppData\Local\Secunia PSI

2012-12-19 20:47:21 -------- d-----w- C:\Program Files (x86)\Secunia

2012-12-19 20:42:47 -------- d-----w- C:\windows\SysWow64\Wat

2012-12-19 20:42:47 -------- d-----w- C:\windows\System32\Wat

2012-12-19 20:09:16 9728 ----a-w- C:\windows\System32\Wdfres.dll

2012-12-19 20:09:16 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys

2012-12-19 20:09:16 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys

2012-12-19 20:09:16 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui

2012-12-19 19:45:41 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys

2012-12-19 19:45:41 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys

2012-12-19 19:45:40 84992 ----a-w- C:\windows\System32\WUDFSvc.dll

2012-12-19 19:45:40 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll

2012-12-19 19:45:39 744448 ----a-w- C:\windows\System32\WUDFx.dll

2012-12-19 19:45:39 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll

2012-12-19 19:45:39 229888 ----a-w- C:\windows\System32\WUDFHost.exe

2012-12-19 19:44:47 81408 ----a-w- C:\windows\System32\imagehlp.dll

2012-12-19 19:44:47 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-12-19 19:44:47 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-12-19 19:44:46 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-12-19 19:44:46 5120 ----a-w- C:\windows\System32\wmi.dll

2012-12-19 19:36:44 458712 ----a-w- C:\windows\System32\drivers\cng.sys

2012-12-19 19:33:32 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-12-19 19:33:32 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-12-19 19:33:32 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-12-19 19:33:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-12-19 19:33:31 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-12-19 19:31:06 956928 ----a-w- C:\windows\System32\localspl.dll

2012-12-19 19:12:11 -------- d-----w- C:\Program Files (x86)\MSECache

2012-12-19 19:04:00 -------- d-----w- C:\Users\Owner\AppData\Local\SoftGrid Client

2012-12-19 19:03:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\SoftGrid Client

2012-12-19 19:03:04 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2012-12-19 19:02:50 -------- d-----w- C:\Users\Owner\AppData\Roaming\TP

2012-12-19 18:48:29 -------- d-----w- C:\Users\Owner\AppData\Local\Evernote

2012-12-19 18:48:09 -------- d-----w- C:\Program Files (x86)\Evernote

2012-12-19 18:42:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\WinPatrol

2012-12-19 18:42:44 -------- d-----w- C:\Program Files (x86)\BillP Studios

2012-12-19 17:50:12 -------- d-----w- C:\Program Files (x86)\AutoHotkey

2012-12-19 17:49:25 -------- d-----w- C:\Program Files\CCleaner

2012-12-19 17:40:39 8537680 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

2012-12-19 17:39:06 -------- d-----w- C:\Program Files (x86)\MozBackup

2012-12-19 16:07:23 859072 ------w- C:\windows\SysWow64\npDeployJava1.dll

2012-12-19 16:07:18 95184 ------w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-19 16:06:24 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery

2012-12-19 16:00:35 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-12-19 16:00:34 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-12-19 16:00:34 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-12-19 15:58:12 -------- d-----w- C:\Users\Owner\AppData\Roaming\Dell

2012-12-19 15:58:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\Intel Corporation

2012-12-19 15:58:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\Fingertapps

2012-12-19 15:58:05 -------- d-----w- C:\Users\Owner\AppData\Local\BMExplorer

2012-12-19 15:58:04 -------- d-----w- C:\Users\Owner\AppData\Local\Dell

2012-12-19 15:57:31 -------- d-sh--w- C:\$RECYCLE.BIN

2012-12-19 15:55:37 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-12-19 15:55:35 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-12-19 15:55:27 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-12-19 15:55:27 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-12-19 15:55:00 -------- d-----w- C:\Users\Owner\AppData\Local\VirtualStore

2012-12-19 03:32:52 -------- d-----w- C:\windows\SMINST

.

==================== Find3M ====================

.

2013-01-02 00:01:59 1077344 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX

2012-12-19 22:23:21 73656 ------w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-19 20:54:30 916456 ----a-w- C:\windows\System32\deployJava1.dll

2012-12-19 16:07:11 779704 ------w- C:\windows\SysWow64\deployJava1.dll

2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-11-08 17:29:12 1402312 ----a-w- C:\windows\SysWow64\msxml4.dll

2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

.

===.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/19/2012 9:54:55 AM

System Uptime: 1/9/2013 7:59:25 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 01HXXJ

Processor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU 1 | 782/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 417.945 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP3: 1/7/2013 12:00:02 AM - Scheduled Checkpoint

RP4: 1/8/2013 3:38:22 AM - Windows Update

RP5: 1/8/2013 6:34:36 AM - Installed iTunes

RP6: 1/9/2013 3:00:18 AM - Windows Update

.

==== Installed Programs ======================

.

Accidental Damage Services Agreement

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Advanced Audio FX Engine

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AutoHotkey 1.0.48.05

avast! Free Antivirus

Banctec Service Agreement

Bing Bar

Blio

Bluetooth Win7 Suite (64)

Bonjour

CCleaner

Complete Care Business Service Agreement

Consumer In-Home Service Agreement

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Digital Delivery

Dell Edoc Viewer

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell MusicStage

Dell PhotoStage

Dell Product Registration

Dell Stage

Dell Stage Remote

Dell Touchpad

Dell VideoStage

Dell Webcam Central

Dell WLAN and Bluetooth Client Installation

Evernote v. 4.6

Google Chrome

Google Update Helper

High-Definition Video Playback

IDT Audio

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

iTunes

Java 7 Update 10

Java 7 Update 9 (64-bit)

Java Auto Updater

Junk Mail filter update

LastPass(uninstall only)

Malwarebytes Anti-Malware version 1.70.0.1100

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MozBackup 1.5.1

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

Nero 10 Movie ThemePack Basic

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

PlayReady PC Runtime x86

Premium Service Agreement

QualxServ Service Agreement

Quickset64

Realtek Ethernet Controller Driver

Realtek USB 2.0 Card Reader

ScreenPrint32 v3.5

ScreenPrint32 v3.5 (C:\Program Files (x86)\ScreenPrint32 v3\)

Secunia PSI (3.0.0.6001)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

SyncUP

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinPatrol

Zinio Reader 4

.

==== End Of File ===========================

========== FINISH: 8:55:30.51 ===============


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Ok - I have run ComboFix. Several things happened that were not in the instructions. 1st - on 3 occasions I got the following error: "Exception EAccess Violation in module Erunt.exe". 2nd - a restore point was not created. 3rd - the Microsoft Recovery Console process did not happen. Maybe that means it was already installed.

Are any of these a problem?

ComboFix 13-01-12.01 - Owner 01/12/2013 15:37:06.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.2062 [GMT -6:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Y:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))

.

.

2013-01-12 21:41 . 2013-01-12 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-11 23:44 . 2013-01-11 23:44 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AE3BF1B-D833-472F-9011-CD0914B8D798}\offreg.dll

2013-01-11 10:03 . 2012-11-19 07:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AE3BF1B-D833-472F-9011-CD0914B8D798}\mpengine.dll

2013-01-10 13:23 . 2013-01-10 13:23 -------- d-----w- c:\program files (x86)\ESET

2013-01-10 00:01 . 2013-01-10 00:01 -------- d-----w- c:\program files (x86)\IrfanView

2013-01-09 20:11 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll

2013-01-09 20:11 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll

2013-01-09 20:11 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll

2013-01-09 20:11 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll

2013-01-09 20:11 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll

2013-01-09 20:11 . 2012-06-01 05:36 11264 ----a-w- c:\windows\system32\iisrstap.dll

2013-01-09 20:11 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll

2013-01-09 20:11 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe

2013-01-09 20:11 . 2012-06-01 04:40 10752 ----a-w- c:\windows\SysWow64\wamregps.dll

2013-01-09 20:11 . 2012-06-01 04:37 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll

2013-01-09 20:11 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll

2013-01-09 20:11 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe

2013-01-09 19:17 . 2013-01-09 19:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2013-01-09 19:15 . 2013-01-09 19:15 -------- d-----w- c:\programdata\InstallMate

2013-01-09 19:11 . 2013-01-09 19:11 -------- d-----w- c:\program files (x86)\FileHippo.com

2013-01-09 18:43 . 2013-01-09 18:43 -------- d-----w- c:\windows\SysWow64\BestPractices

2013-01-09 18:43 . 2013-01-09 18:43 -------- d-----w- c:\windows\system32\BestPractices

2013-01-09 18:43 . 2013-01-09 18:43 -------- d-----w- C:\inetpub

2013-01-09 18:30 . 2009-12-30 17:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys

2013-01-09 18:30 . 2013-01-09 18:30 -------- d-----w- c:\program files\VS Revo Group

2013-01-09 14:39 . 2013-01-09 14:39 -------- d-----w- c:\windows\ERUNT

2013-01-09 14:38 . 2013-01-11 23:37 -------- d-----w- C:\JRT

2013-01-09 03:55 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 03:55 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-09 03:55 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 03:55 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-09 03:55 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-09 03:55 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-09 03:55 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 03:55 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 03:55 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-09 03:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-01-09 03:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-08 12:35 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2013-01-08 12:35 . 2013-01-08 12:35 -------- dc----w- c:\windows\system32\DRVSTORE

2013-01-08 12:35 . 2013-01-08 12:35 -------- d-----w- c:\program files\iPod

2013-01-08 12:35 . 2013-01-08 12:35 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-01-08 12:35 . 2013-01-08 12:35 -------- d-----w- c:\program files\iTunes

2013-01-08 12:35 . 2013-01-08 12:35 -------- d-----w- c:\program files (x86)\iTunes

2013-01-08 12:35 . 2013-01-08 12:35 -------- d-----w- c:\programdata\Apple Computer

2013-01-08 12:34 . 2013-01-08 12:34 -------- d-----w- c:\program files\Common Files\Apple

2013-01-02 00:01 . 2013-01-02 00:03 -------- d-----w- c:\program files (x86)\ScreenPrint32 v3

2013-01-02 00:01 . 2013-01-02 00:03 249856 ------w- c:\windows\Setup1.exe

2013-01-02 00:01 . 2013-01-02 00:03 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-12-30 14:57 . 2012-12-30 14:57 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe

2012-12-30 14:57 . 2012-12-30 14:57 -------- d-----w- c:\program files (x86)\LastPass

2012-12-28 19:45 . 2012-12-28 19:45 -------- d-----w- c:\program files\Microsoft Silverlight

2012-12-28 19:45 . 2012-12-28 19:45 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-12-27 16:04 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-12-27 16:04 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-12-27 16:04 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-12-27 16:04 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-12-27 16:04 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-12-27 16:03 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-12-27 16:03 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-12-27 16:03 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr

2012-12-27 16:03 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-12-27 16:03 . 2013-01-03 13:55 -------- d-----w- c:\program files\AVAST Software

2012-12-27 16:03 . 2012-12-27 16:03 -------- d-----w- c:\programdata\AVAST Software

2012-12-23 12:40 . 2012-12-23 12:40 -------- d-----w- c:\programdata\Microsoft Help

2012-12-21 14:09 . 2012-12-21 14:09 -------- d-----w- c:\programdata\Malwarebytes

2012-12-21 14:09 . 2012-12-30 13:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-21 14:09 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-21 12:21 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 12:21 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 12:21 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 12:21 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-20 17:12 . 2012-12-20 17:12 -------- d-----w- c:\programdata\PC-Doctor for Windows

2012-12-20 13:49 . 2012-12-23 12:24 -------- d-----w- c:\program files (x86)\Google

2012-12-20 12:54 . 2012-12-20 17:11 -------- d-----w- c:\programdata\PCDr

2012-12-19 23:00 . 2012-12-19 23:00 -------- d-----w- c:\programdata\VirtualizedApplications

2012-12-19 21:45 . 2012-12-19 21:45 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-12-19 21:45 . 2012-12-19 21:45 -------- d-----w- c:\program files\Bonjour

2012-12-19 21:45 . 2012-12-19 21:45 -------- d-----w- c:\program files (x86)\Bonjour

2012-12-19 21:45 . 2013-01-08 12:35 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-12-19 21:45 . 2013-01-08 12:34 -------- d-----w- c:\programdata\Apple

2012-12-19 20:59 . 2012-12-19 21:02 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-12-19 20:55 . 2013-01-09 19:05 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-19 20:54 . 2012-12-19 20:54 289768 ----a-w- c:\windows\system32\javaws.exe

2012-12-19 20:54 . 2012-12-19 20:54 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-12-19 20:54 . 2012-12-19 20:54 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-12-19 20:54 . 2012-12-19 20:54 189416 ----a-w- c:\windows\system32\javaw.exe

2012-12-19 20:54 . 2012-12-19 20:54 188904 ----a-w- c:\windows\system32\java.exe

2012-12-19 20:54 . 2012-12-19 20:54 -------- d-----w- c:\program files\Java

2012-12-19 20:42 . 2012-12-19 20:42 -------- d-----w- c:\windows\SysWow64\Wat

2012-12-19 20:42 . 2012-12-19 20:42 -------- d-----w- c:\windows\system32\Wat

2012-12-19 20:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-19 20:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-19 20:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-19 20:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-19 20:03 . 2013-01-09 09:05 67599240 ----a-w- c:\windows\system32\MRT.exe

2012-12-19 19:48 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-12-19 19:45 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-19 19:45 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-19 19:45 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-19 19:45 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-19 19:45 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-19 19:45 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-19 19:45 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-19 19:44 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-12-19 19:44 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-12-19 19:44 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-12-19 19:44 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-12-19 19:44 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-12-19 19:36 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2012-12-19 19:35 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-12-19 19:33 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-12-19 19:33 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-12-19 19:33 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-12-19 19:33 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-12-19 19:33 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-12-19 19:31 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-12-19 19:12 . 2012-12-19 19:12 -------- d-----w- c:\program files (x86)\MSECache

2012-12-19 19:03 . 2012-12-19 19:50 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2012-12-19 19:03 . 2012-12-19 19:03 -------- d-----w- c:\program files\Microsoft Office

2012-12-19 18:48 . 2012-12-19 18:48 -------- d-----w- c:\program files (x86)\Evernote

2012-12-19 18:42 . 2012-12-19 18:42 -------- d-----w- c:\program files (x86)\BillP Studios

2012-12-19 17:50 . 2012-12-19 17:50 -------- d-----w- c:\program files (x86)\AutoHotkey

2012-12-19 17:49 . 2013-01-09 19:15 -------- d-----w- c:\program files\CCleaner

2012-12-19 17:40 . 2012-12-19 17:40 8537680 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-09 19:05 . 2012-03-28 13:27 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-02 00:01 . 2000-05-22 21:58 1077344 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-12-19 20:54 . 2012-03-28 13:27 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-19 16:07 . 2012-03-28 13:28 779704 ------w- c:\windows\SysWow64\deployJava1.dll

2012-11-30 04:45 . 2013-01-09 03:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-08 17:29 . 2012-11-08 17:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-10-16 08:38 . 2012-12-19 19:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-19 19:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-19 19:35 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]

2013-01-10 21:59 581984 ----a-w- c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-12-19 5628848]

"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"ScreenPrint32"="c:\program files (x86)\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-01-04 404712]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-1-10 1078624]

libcard.ahk [2011-11-30 70]

Paula.ahk [2012-2-10 85]

pw.ahk [2013-1-2 65]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-12-30 14794312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-05-20 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-05-20 298656]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-05-20 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-05-20 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-05-20 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-05-20 282272]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-19 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-20 146592]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-05-20 80032]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 173568]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-05-20 29344]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - CDFS

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-11 16:54 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 19:05]

.

2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 13:49]

.

2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 13:49]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-05-20 627360]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-05-20 379552]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]

"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2013-01-04 404712]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html

IE: LastPass - file://c:\users\Owner\AppData\LocalLow\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\users\Owner\AppData\LocalLow\LastPass\context.html?cmd=fillforms

IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

Trusted Zone: secunia.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oppb01s3.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox|http://www.nbcnews.com/|http://drudgereport.com/|http://www.foxnews.com/

FF - ExtSQL: 2012-12-11 19:23; support@lastpass.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oppb01s3.default\extensions\support@lastpass.com

FF - ExtSQL: 2012-12-18 08:19; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oppb01s3.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

FF - ExtSQL: 2012-12-27 10:04; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

.

.

Completion time: 2013-01-12 15:42:49

ComboFix-quarantined-files.txt 2013-01-12 21:42

.

Pre-Run: 429,320,216,576 bytes free

Post-Run: 429,265,137,664 bytes free

.

- - End Of File - - 8957C1C0D2DE634087514207C3BF3725


Please upload the following files one by one to www.virustotal.com:

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\libcard.ahk

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paula.ahk

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pw.ahk

Copy/paste all of these links in your next reply here when the scan finishes.


The 3 files you asked about are script files for a program called Automate that I have been using for years.

Scanned each file but I'm getting this error trying to post the screen prints from virustotal.com.

An error occurred

You are not allowed to use that image extension on this community.


In this case, I don't need to analyse them. Thank you! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=d301a47f63bfc1459ed85dd1096eb521

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-10 02:02:33

# local_time=2013-01-10 08:02:33 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=774 16777213 100 91 55240 133614825 0 0

# compatibility_mode=5893 16776573 100 94 0 109370003 0 0

# scanned=112382

# found=0

# cleaned=0

# scan_time=2088

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=d301a47f63bfc1459ed85dd1096eb521

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-13 12:23:21

# local_time=2013-01-13 06:23:21 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=774 16777213 100 91 308488 133868073 0 0

# compatibility_mode=5893 16776573 100 94 0 109623251 0 0

# scanned=112708

# found=0

# cleaned=0

# scan_time=2200

Hate to see you burn up so much of your time on this. Would you prefer that I push this off to customer support?


Still getting the blocks -- past couple of days

2013/01/12 18:07:13 -0600 OWNER-PC Owner IP-BLOCK 89.28.109.71 (Type: outgoing, Port: 61212, Process: svchost.exe)

2013/01/12 18:07:13 -0600 OWNER-PC Owner IP-BLOCK 89.28.109.71 (Type: outgoing, Port: 61212, Process: svchost.exe)

2013/01/12 18:07:13 -0600 OWNER-PC Owner IP-BLOCK 89.28.109.71 (Type: outgoing, Port: 61212, Process: svchost.exe)

2013/01/12 18:07:13 -0600 OWNER-PC Owner IP-BLOCK 89.28.109.71 (Type: outgoing, Port: 61212, Process: svchost.exe)

2013/01/12 18:07:13 -0600 OWNER-PC Owner IP-BLOCK 89.28.109.71 (Type: outgoing, Port: 61212, Process: svchost.exe)

2013/01/12 18:07:13 -0600 OWNER-PC Owner IP-BLOCK 89.28.109.71 (Type: outgoing, Port: 61212, Process: svchost.exe)

2013/01/12 18:07:13 -0600 OWNER-PC Owner IP-BLOCK 89.28.109.71 (Type: outgoing, Port: 61212, Process: svchost.exe)

2013/01/12 18:07:13 -0600 OWNER-PC Owner IP-BLOCK 89.28.109.71 (Type: outgoing, Port: 61212, Process: svchost.exe)

2013/01/12 18:07:21 -0600 OWNER-PC Owner IP-BLOCK 89.28.109.71 (Type: outgoing, Port: 61212, Process: svchost.exe)

2013/01/12 18:07:21 -0600 OWNER-PC Owner IP-BLOCK 89.28.109.71 (Type: outgoing, Port: 61212, Process: svchost.exe)

2013/01/12 18:07:21 -0600 OWNER-PC Owner IP-BLOCK 89.28.109.71 (Type: outgoing, Port: 61212, Process: svchost.exe)

2013/01/11 08:42:31 -0600 OWNER-PC Owner IP-BLOCK 219.146.253.167 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 08:42:39 -0600 OWNER-PC Owner IP-BLOCK 219.146.253.167 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 10:51:36 -0600 OWNER-PC Owner IP-BLOCK 178.90.90.107 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 10:51:36 -0600 OWNER-PC Owner IP-BLOCK 178.90.90.107 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 10:51:36 -0600 OWNER-PC Owner IP-BLOCK 178.90.90.107 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 10:51:44 -0600 OWNER-PC Owner IP-BLOCK 178.90.90.107 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 10:51:52 -0600 OWNER-PC Owner IP-BLOCK 178.90.90.107 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 10:52:00 -0600 OWNER-PC Owner IP-BLOCK 178.90.90.107 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 10:52:00 -0600 OWNER-PC Owner IP-BLOCK 178.90.90.107 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 16:24:45 -0600 OWNER-PC Owner IP-BLOCK 222.64.69.251 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 16:24:53 -0600 OWNER-PC Owner IP-BLOCK 222.64.69.251 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 16:24:53 -0600 OWNER-PC Owner IP-BLOCK 222.64.69.251 (Type: outgoing, Port: 60469, Process: svchost.exe)

2013/01/11 17:33:33 -0600 OWNER-PC Owner IP-BLOCK 218.8.97.58 (Type: outgoing, Port: 50699, Process: svchost.exe)

2013/01/11 17:33:33 -0600 OWNER-PC Owner IP-BLOCK 218.8.97.58 (Type: outgoing, Port: 50699, Process: svchost.exe)

2013/01/11 17:33:33 -0600 OWNER-PC Owner IP-BLOCK 218.8.97.58 (Type: outgoing, Port: 50699, Process: svchost.exe)

2013/01/11 17:33:33 -0600 OWNER-PC Owner IP-BLOCK 218.8.97.58 (Type: outgoing, Port: 50699, Process: svchost.exe)

2013/01/11 17:33:41 -0600 OWNER-PC Owner IP-BLOCK 218.8.97.58 (Type: outgoing, Port: 50699, Process: svchost.exe)

2013/01/11 17:33:41 -0600 OWNER-PC Owner IP-BLOCK 218.8.97.58 (Type: outgoing, Port: 50699, Process: svchost.exe)

2013/01/11 17:33:41 -0600 OWNER-PC Owner IP-BLOCK 218.8.97.58 (Type: outgoing, Port: 50699, Process: svchost.exe)

2013/01/11 22:14:22 -0600 OWNER-PC Owner IP-BLOCK 58.240.219.30 (Type: outgoing, Port: 51062, Process: svchost.exe)

2013/01/11 22:14:22 -0600 OWNER-PC Owner IP-BLOCK 58.240.219.30 (Type: outgoing, Port: 51062, Process: svchost.exe)

2013/01/11 22:14:22 -0600 OWNER-PC Owner IP-BLOCK 58.240.219.30 (Type: outgoing, Port: 51062, Process: svchost.exe)

2013/01/11 22:14:22 -0600 OWNER-PC Owner IP-BLOCK 58.240.219.30 (Type: outgoing, Port: 51062, Process: svchost.exe)

2013/01/11 22:14:30 -0600 OWNER-PC Owner IP-BLOCK 58.240.219.30 (Type: outgoing, Port: 51062, Process: svchost.exe)

2013/01/11 22:18:48 -0600 OWNER-PC Owner IP-BLOCK 58.240.219.30 (Type: outgoing, Port: 51062, Process: svchost.exe)

2013/01/11 22:18:48 -0600 OWNER-PC Owner IP-BLOCK 58.240.219.30 (Type: outgoing, Port: 51062, Process: svchost.exe)

2013/01/11 22:18:48 -0600 OWNER-PC Owner IP-BLOCK 58.240.219.30 (Type: outgoing, Port: 51062, Process: svchost.exe)

2013/01/11 22:18:48 -0600 OWNER-PC Owner IP-BLOCK 58.240.219.30 (Type: outgoing, Port: 51062, Process: svchost.exe)

2013/01/11 22:18:57 -0600 OWNER-PC Owner IP-BLOCK 58.240.219.30 (Type: outgoing, Port: 51062, Process: svchost.exe)

2013/01/11 22:18:57 -0600 OWNER-PC Owner IP-BLOCK 58.240.219.30 (Type: outgoing, Port: 51062, Process: svchost.exe)


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.
