mstruzak Posted May 8, 2013 ID:677267 Share Posted May 8, 2013 *** DDS.txtDDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2Run by marcin at 0:35:41 on 2013-05-08Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16375.9082 [GMT -7:00].AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exeC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\CrashPlan\CrashPlanService.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Windows\SysWOW64\rundll32.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files\CyberLink\Shared files\RichVideo64.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\WUDFHost.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exeC:\ProgramData\FLEXnet\Connect\11\ISUSPM.exeC:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exeC:\Program Files\CrashPlan\CrashPlanTray.exeC:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exeC:\Program Files (x86)\CyberLink\Shared files\brs.exeC:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exeC:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exeC:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exeC:\Program Files (x86)\Active SMART SCSI\ActiveSMART.exeC:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exeC:\Users\Marcin\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exeC:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exeC:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeC:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exeC:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\wuauclt.exeC:\Users\Marcin\AppData\Local\Akamai\netsession_win.exeC:\Users\Marcin\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\notepad.exeC:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\msmoney.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Program Files\Microsoft Office\Office14\WINWORD.EXEC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\notepad.exeC:\Windows\System32\svchost.exe -k swprvC:\Program Files\mcafee.com\agent\McUpdate.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankuURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllmWinlogon: Userinit = userinit.exeBHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dllBHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dllTB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dlluRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"uRun: [Akamai NetSession Interface] "C:\Users\Marcin\AppData\Local\Akamai\netsession_win.exe"uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exeuRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduleruRun: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbyloginmRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exemRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hidemRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exemRun: [PDFHook] C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exemRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osbootmRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXEmRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentStartupFolder: C:\Users\Marcin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVE~1.LNK - C:\Program Files (x86)\Active SMART SCSI\ActiveSMART.exeStartupFolder: C:\Users\Marcin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marcin\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\Users\Marcin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMBMED~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllDPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cabDPF: {5C37F274-31B1-4185-9CA4-878F7D5B7779} - hxxp://10.10.10.41/MediaClientAxCtrl.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cabTCP: NameServer = 10.10.10.1 10.10.10.3TCP: Interfaces\{F2A7D5CF-2AA7-40B3-A781-69BD421CA6D2} : DHCPNameServer = 10.10.10.1 10.10.10.3Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dllFilter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllSSODL: WebCheck - <orphaned>SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dllSTS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dllx64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dllx64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-SSODL: WebCheck - <orphaned>x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dllx64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\idvb1f3v.default\FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dllFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dllFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dllFF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dllFF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dllFF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dllFF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dllFF - plugin: C:\Windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: 2013-04-26 16:13; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext.============= SERVICES / DRIVERS ===============.R0 mv64xx;mv64xx;C:\Windows\System32\drivers\mv64xx.sys [2011-5-2 333352]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-3 53488]R1 MOBK755Filter;MOBK755Filter;C:\Windows\System32\drivers\MOBK755.sys [2011-5-2 66040]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-2 203264]R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-3-16 222720]R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-4-30 201304]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-4-30 201304]R2 MOBK755backup;McAfee Online Backup Service;C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-9-20 207672]R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-2-10 144672]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-3-9 386344]R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208]R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-4-30 309840]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-4-30 515968]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]R3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/03/09 18:14:11;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-4-30 241456]S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-4-30 218760]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-4-30 70112]S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-4-30 106552]S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2011-3-31 25584]S3 PUSBODD;USB ODD High Speed Filter Driver;C:\Windows\System32\drivers\PIUSBODD.SYS [2011-11-16 33616]S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-2 1255736]S4 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-4-30 201304].=============== File Associations ===============.FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"ShellExec: FrameMaker10.exe: Edit="C:\Program Files (x86)\Adobe\AdobeFrameMaker10\FrameMaker.exe" -ie "%1"ShellExec: FrameMaker11.exe: Edit="C:\Program Files (x86)\Adobe\AdobeFrameMaker11\FrameMaker.exe" -ie "%1"ShellExec: SnagItEditor.exe: open="C:\PROGRA~2\TECHSM~1\SNAGIT~1\SNAGIT~1.EXE" "%1".=============== Created Last 30 ================.2013-05-08 05:52:11 -------- d-----w- C:\Users\Marcin\AppData\Roaming\Malwarebytes2013-05-08 05:51:59 -------- d-----w- C:\ProgramData\Malwarebytes2013-05-08 05:51:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-05-08 05:51:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-05-07 20:07:28 -------- d-----w- C:\ProgramData\McAfee Security Scan2013-05-07 20:07:26 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan2013-05-07 07:56:14 -------- d-----w- C:\ProgramData\HitmanPro2013-04-30 07:22:58 -------- d-----w- C:\Program Files (x86)\McAfee.com2013-04-30 07:22:53 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys2013-04-30 07:22:44 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys2013-04-30 07:22:44 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys2013-04-30 07:22:44 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys2013-04-30 07:22:44 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys2013-04-30 07:22:37 -------- d-----w- C:\Program Files\Common Files\McAfee2013-04-30 04:14:49 182752 ----a-w- C:\Windows\System32\mfevtps.exe2013-04-28 19:28:04 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee2013-04-28 19:28:00 -------- d-----w- C:\Program Files\McAfee.com2013-04-28 19:28:00 -------- d-----w- C:\Program Files\McAfee2013-04-28 19:27:58 -------- d-----w- C:\Program Files (x86)\McAfee2013-04-28 19:03:58 -------- d-s---w- C:\Windows\SysWow64\Microsoft2013-04-27 19:41:20 -------- d-----w- C:\Stinger_Quarantine2013-04-27 19:41:12 -------- d-----w- C:\Program Files\stinger2013-04-27 18:39:48 -------- d-----w- C:\Users\Marcin\AppData\Roaming\McAfee2013-04-27 01:08:23 77312 ----a-w- C:\Windows\System32\packager.dll2013-04-27 01:08:23 67072 ----a-w- C:\Windows\SysWow64\packager.dll2013-04-27 00:56:20 2622464 ----a-w- C:\Windows\System32\wucltux.dll2013-04-27 00:56:15 99840 ----a-w- C:\Windows\System32\wudriver.dll2013-04-27 00:56:09 36864 ----a-w- C:\Windows\System32\wuapp.exe2013-04-27 00:56:09 186752 ----a-w- C:\Windows\System32\wuwebv.dll2013-04-26 23:31:08 -------- d-----w- C:\Windows\Panther2013-04-26 23:24:02 -------- d--h--w- C:\$WINDOWS.~Q2013-04-26 23:08:35 -------- d--h--w- C:\$INPLACE.~TR2013-04-26 22:35:41 0 ----a-w- C:\Windows\ativpsrm.bin2013-04-26 04:19:45 -------- d-----w- C:\Windows\pss2013-04-23 07:12:15 -------- d-----w- C:\Program Files (x86)\MSECACHE2013-04-23 05:15:58 -------- d-----w- C:\Program Files (x86)\XBMC2013-04-16 04:10:35 -------- d-----w- C:\Users\Marcin\AppData\Roaming\HandBrake2013-04-16 04:10:20 -------- d-----w- C:\Program Files\Handbrake2013-04-16 03:21:30 -------- d-----w- C:\Users\Marcin\AppData\Roaming\RealNetworks2013-04-15 22:32:30 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll2013-04-15 22:32:30 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll2013-04-11 22:05:25 -------- d-----w- C:\Program Files (x86)\Coupons2013-04-11 06:03:44 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll2013-04-10 05:26:09 -------- d--h--w- C:\ProgramData\Common Files2013-04-08 16:01:01 -------- d-----w- C:\Program Files (x86)\RealNetworks2013-04-08 16:00:58 -------- d-----w- C:\ProgramData\RealNetworks2013-04-08 16:00:49 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared2013-04-08 16:00:41 153736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppl3260.dll2013-04-08 16:00:33 124504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nprpplugin.dll2013-04-08 16:00:21 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll.==================== Find3M ====================.2013-05-07 20:07:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-05-07 20:07:24 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr2013-03-13 00:02:00 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-03-13 00:02:00 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll2013-03-13 00:02:00 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-03-10 02:12:39 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-03-10 02:12:39 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll2013-02-19 20:56:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys2013-02-19 20:54:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys2013-02-19 20:52:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys.============= FINISH: 0:35:53.30 ===============*** attach.txt.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1Install Date: 4/26/2013 7:37:05 PMSystem Uptime: 5/7/2013 10:18:02 PM (2 hours ago).Motherboard: LENOVO | | LENOVOProcessor: Intel® Xeon® CPU X5675 @ 3.07GHz | 1366-pin LGA | 1591/133mhzProcessor: Intel® Xeon® CPU X5675 @ 3.07GHz | 1366-pin LGA | 2631/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 272 GiB total, 64.401 GiB free.D: is CDROM ()E: is CDROM ()F: is FIXED (FAT32) - 250 GiB total, 195.385 GiB free.G: is RemovableH: is RemovableI: is RemovableJ: is FIXED (NTFS) - 216 GiB total, 90.487 GiB free.K: is RemovableM: is RemovableN: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP3: 4/26/2013 5:55:59 PM - Windows UpdateRP4: 4/26/2013 7:37:32 PM - Windows UpdateRP5: 4/27/2013 10:57:38 AM - Windows UpdateRP6: 5/5/2013 11:19:18 AM - Scheduled CheckpointRP7: 5/7/2013 12:55:50 AM - Installed Sophos Virus Removal Tool..==== Installed Programs ======================.64 Bit HP CIO Components InstallerABBYY FineReader 6.0 SprintActive SMARTAdobe Acrobat X Pro - English, Français, DeutschAdobe AIRAdobe Content ViewerAdobe Creative Suite 5.5 Design PremiumAdobe Download AssistantAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe FrameMaker 10.0.1Adobe FrameMaker 11Adobe Help ManagerAdobe Reader XI (11.0.02)Adobe Shockwave Player 11.6Adobe Widget BrowserAkamai NetSession InterfaceAnyDVDApple Application SupportApple Mobile Device SupportApple Software UpdateATI Catalyst Install ManagerBeyond Compare Version 3.3.5BonjourBroadcom Gigabit Integrated ControllerBullzip PDF Printer 4.0.0.463CameraHelperMsiCanon Digital Camera Solution Disk 40-46 Software Starter GuideCANON iMAGE GATEWAY Task for ZoomBrowser EXCanon Internet Library for ZoomBrowser EXCanon MOV DecoderCanon MOV EncoderCanon MovieEdit Task for ZoomBrowser EXCanon Personal Printing GuideCanon Utilities CameraWindowCanon Utilities CameraWindow DCCanon Utilities CameraWindow DC_DV 6 for ZoomBrowser EXCanon Utilities MyCameraCanon Utilities MyCamera DCCanon Utilities PhotoStitchCanon Utilities RemoteCapture Task for ZoomBrowser EXCanon Utilities ZoomBrowser EXCanon ZoomBrowser EX Memory Card UtilityCatalina Savings PrinterCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews VistaCatalyst Control Center HydraVision FullCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCoupon Printer for WindowsCrashPlanCyberLink Media SuiteCyberLink PhotoDirector 2011CyberLink Power2GoCyberLink PowerDirectorCyberLink PowerDVD 10Definition Update for Microsoft Office 2010 (KB982726) 64-Bit EditionDropboxDVD Decrypter (Remove Only)DVD Shrink 3.2Epson Copy Utility 3.5Epson Event ManagerEPSON ScanEPSON Scan PDF EXtensionserLTFileMind QuickFixGeoSetter 3.4.16Google ChromeGoogle EarthGoogle Toolbar for Internet ExplorerGoogle Update HelperGPL Ghostscript Lite 9.04HandBrake 0.9.8HydraVisioniCloudiExplorer 3.2.2.2InfraRecorderInstallIQ UpdaterIrfanView (remove only)ISIS Driver - EPSON GT-1500 v1.6.10802.6001ISIS DriversISO RecorderIsoBuster 3.1iTunesJava 7 Update 17Java Auto UpdaterJava 6 Update 32Lenovo Solution CenterLenovo System UpdateLenovo ThinkVantage ToolboxLogitech Webcam SoftwareLWS FacebookLWS GalleryLWS Help_mainLWS LauncherLWS Pictures And VideoLWS TwitterLWS Video Mask MakerLWS VideoEffectsLWS Webcam SoftwareLWS WLM PluginLWS YouTube PluginMalwarebytes Anti-Malware version 1.75.0.1300McAfee Internet SecurityMcAfee Online BackupMcAfee Security Scan PlusMcAfee Virtual TechnicianMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Money PlusMicrosoft Money Shared LibrariesMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Business 2010Microsoft Office Office 32-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 32-bit MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft Outlook Hotmail Connector 64-bitMicrosoft Outlook Social Connector Provider for Windows Live Messenger 64-bitMicrosoft Publisher 2010Microsoft SilverlightMicrosoft SQL Server Compact 3.5 SP2 ENUMicrosoft SQL Server Compact 3.5 SP2 x64 ENUMicrosoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft_VC80_ATL_x86Microsoft_VC80_ATL_x86_x64Microsoft_VC80_CRT_x86Microsoft_VC80_CRT_x86_x64Microsoft_VC80_MFC_x86Microsoft_VC80_MFC_x86_x64Microsoft_VC80_MFCLOC_x86Microsoft_VC80_MFCLOC_x86_x64Microsoft_VC90_ATL_x86Microsoft_VC90_ATL_x86_x64Microsoft_VC90_CRT_x86Microsoft_VC90_CRT_x86_x64Microsoft_VC90_MFC_x86Microsoft_VC90_MFC_x86_x64Microsoft_VC90_MFCLOC_x86Microsoft_VC90_MFCLOC_x86_x64MIF FilterMozilla Firefox 15.0.1 (x86 en-US)Mozilla Maintenance ServiceMozilla Thunderbird 17.0.5 (x86 en-US)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)MSXML 4.0 SP3 Parser (KB973685)Music TransferNotepad++Nuance PaperPort 12Nuance PDF Viewer PlusPaperPort Image Printer 64-bitPDF Settings CS5PerformanceTest v7.0 (64-bit)Picasa 3PowerDirectorPresto! BizCard 5PrimoQuickTimeRealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealUpgrade 1.1RuntimeSafariSaxon-HE 9.4.0.3Scansoft PDF ProfessionalSeaTools for WindowsSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 64-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 64-Bit EditionShared C Run-time for x64SketchUp 8Skype Click to CallSkype™ 6.0SmartFTP ClientSmartFTP Client Setup Files 4.0 (x64) (remove only)Snagit 9.1.3Sony Picture UtilitySoundMAXSpaceMonger 2.1.1swMSMTurbo-MailerTurboMailer 2TurboTax 2011TurboTax 2011 wcaiperTurboTax 2011 WinPerFedFormsetTurboTax 2011 WinPerReleaseEngineTurboTax 2011 WinPerTaxSupportTurboTax 2011 wrapperTurboTax 2012TurboTax 2012 wcaiperTurboTax 2012 WinPerFedFormsetTurboTax 2012 WinPerReleaseEngineTurboTax 2012 WinPerTaxSupportTurboTax 2012 wrapperUltraVNC 1.0.8.2Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2598242) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 64-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 64-Bit EditionUpdate for Microsoft OneNote 2010 (KB2687277) 64-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 64-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 64-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 64-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit EditionVLC media player 2.0.4Windows Media Player Firefox PluginWindows Movie Maker 2.6WinPcap 4.1.2WinRAR 4.00 (64-bit)Wireshark 1.8.3 (64-bit)WorkForce GT-1500 Scanner Driver UpdateWorkForce Pro GT-S50 Scanner Driver UpdateWOW SliderXBMC.==== Event Viewer Messages From Past Week ========.5/7/2013 10:31:12 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.5/7/2013 10:22:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.5/7/2013 10:19:55 PM, Error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.5/7/2013 10:18:29 PM, Error: Service Control Manager [7003] - The McAfee McShield service depends the following service: mfevtp. This service might not be installed.5/7/2013 10:18:29 PM, Error: Service Control Manager [7003] - The McAfee Firewall Core Service service depends the following service: mfevtp. This service might not be installed.5/7/2013 10:18:29 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.5/7/2013 1:15:31 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy6.5/7/2013 1:01:51 AM, Error: mv64xx [117] - The driver for device \Device\Scsi\mv64xx1 detected a port timeout due to prolonged inactivity. All associated busses were reset in an effort to clear the condition.5/6/2013 6:03:54 PM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer SHARK using any of the configured protocols.5/5/2013 11:29:16 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy10.5/5/2013 11:29:15 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy8.5/1/2013 7:04:59 AM, Error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.5/1/2013 7:01:23 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted May 8, 2013 ID:677270 Share Posted May 8, 2013 Hello mstruzak and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.What exactly is your problem? Link to post Share on other sites More sharing options...
mstruzak Posted May 8, 2013 Author ID:677366 Share Posted May 8, 2013 Erratic behavior in Windows that started a couple of weeks ago. First symptom - cannot save a downloaded PDF (e.g., bank statement) from Reader XI; Acrobat X works fine, but when I attempted to uninstall Reader XI (thinking there may be a conflict among common files), I got the message that MS Installer is already installing something else. sfc /scannow & RogueKiller revealed nothing. When I started poking around I noticed other abnormalities; e.g., CrashPlan for some time would not start on reboot, but I could always start the service manually; not anymore. Windows Update would hang forever. Logoffs & Shutdowns would hang forever, as well. Did an in-place upgrade of Windows fearing that a file system corruption (due to malware or not) could be the cause. ,NET Framework setup (Setup has detected that the .NET Framework version 4 needs to be repaired. Do not restart your computer until Setup is complete) would come up on every reboot and sit forever. McAfee would not turn on. I thought - ok, reinstall fixed the registry, but there may be some executable & configuration files corrupted. Multiple attempts to remove McAfee, runs of MCPR.exe & Virtual Technician, I finally got McAfee to uninstall & reinstall. After a few "normal" days McAfee, again, fails to start. Logoffs & Shutdowns hang again. Safe Mode always hums along happily .. McAfee, MBAM and a few malware remove programs pick up absolutely nothing! Link to post Share on other sites More sharing options...
Maniac Posted May 8, 2013 ID:677477 Share Posted May 8, 2013 Please manually delete RogueKiller.Step 1Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.Step 2 Download on the desktop RogueKiller Quit all programs Start RogueKiller.exe Wait until Prescan has finished ... Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.In your next reply, post the following log files:Malwarebytes' Anti-Malware logRogueKiller log Link to post Share on other sites More sharing options...
mstruzak Posted May 9, 2013 Author ID:677641 Share Posted May 9, 2013 Malwarebytes' Anti-Malware logMalwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.05.09.01Windows 7 Service Pack 1 x64 NTFSInternet Explorer 8.0.7601.17514marcin :: CORAL [administrator]5/8/2013 10:03:00 PMmbam-log-2013-05-08 (22-03-00).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 266162Time elapsed: 3 minute(s), 44 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)RogueKiller logRogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : marcin [Admin rights]Mode : Scan -- Date : 05/08/2013 22:10:52| ARK || FAK || MBR |¤¤¤ Bad processes : 1 ¤¤¤[SUSP PATH] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe [7] -> KILLED [TermProc]¤¤¤ Registry Entries : 2 ¤¤¤[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: MARVELL Raid VD 0 SCSI Disk Device +++++--- User ---[MBR] 56b8e0ae97214de46ae02fd741734660[BSP] b9156560396804d1b94a8e74010f2e47 : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1740 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3565568 | Size: 278126 MoUser = LL1 ... OK!Error reading LL2 MBR!+++++ PhysicalDrive1: WD 5000AVV External USB Device +++++--- User ---[MBR] 675665f7f8541362897af059bcc82cb2[BSP] 1343860dbef73a961735f1522ff55311 : Windows XP MBR CodePartition table:0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 256004 Mo1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 524297340 | Size: 220932 MoUser = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[2]_S_05082013_02d2210.txt >>RKreport[1]_S_04262013_02d1312.txt ; RKreport[2]_S_05082013_02d2210.txt Link to post Share on other sites More sharing options...
Maniac Posted May 9, 2013 ID:677684 Share Posted May 9, 2013 Please scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.Save it to your Desktop.Double click on the to download the ESET Smart Installer. icon on your Desktop.[*]Check "YES, I accept the Terms of Use."[*]Click the Start button.[*]Accept any security warnings from your browser.[*]Under Scan Settings, check "Scan Archives" and "Remove found threats" [*]Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technology[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.[*]When the scan completes, click List Threats[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.[*]Click the Back button.[*]Click the Finish button. Link to post Share on other sites More sharing options...
mstruzak Posted May 11, 2013 Author ID:678258 Share Posted May 11, 2013 At the first attempt, ESET hung for over 6 hours on the scanning screen, with Files scanned at 0... I restarted the machine, repeated the procedure above, and now it's been running for 21 hours, picking up 8 benign threats - currently stuck on System.Workflow.Runtime.dll in winsxs (file 503,848). I'll monitor for some more, but at what point should I reset it? Link to post Share on other sites More sharing options...
mstruzak Posted May 11, 2013 Author ID:678326 Share Posted May 11, 2013 Ok, after over 26h I manually stopped ESET - it has been at the same file for at least 4 hours, at 99%. Here are the results:C:\Users\Marcin\Documents\From anemone\Downloads\BitTorrent-6.3.exe a variant of Win32/Bundled.Toolbar.Ask.A applicationC:\Users\Marcin\Downloads\cnet2_BullzipPDFPrinter_4_0_0_463_zip.exe a variant of Win32/InstallCore.D applicationC:\Users\Marcin\Downloads\infrarecorder_34.exe a variant of Win32/InstallIQ applicationC:\Users\Upi\Documents\From anemone\Downloads\Tftpd32-3.51-setup.exe a variant of Win32/TFTPD32.A applicationC:\Users\Upi\Documents\From anemone\Downloads\tftpd32.351.zip a variant of Win32/TFTPD32.A applicationC:\Users\Upi\Documents\From anemone\My Downloads\SoftonicDownloader52393.exe a variant of Win32/SoftonicDownloader.A applicationC:\Users\Upi\Documents\From anemone\My Downloads\SoftonicDownloader64333 (1).exe a variant of Win32/SoftonicDownloader.A applicationC:\Users\Upi\Documents\From anemone\My Downloads\SoftonicDownloader64333.exe a variant of Win32/SoftonicDownloader.A application Link to post Share on other sites More sharing options...
mstruzak Posted May 11, 2013 Author ID:678328 Share Posted May 11, 2013 Restarted the machine (had to do a hard 5s reset, as it just hung on shutdown), started ESET, hunt again at 0 files, stopped, restarted, it's now running. Link to post Share on other sites More sharing options...
Maniac Posted May 11, 2013 ID:678353 Share Posted May 11, 2013 Download AVPTool from Here to your desktop Run the programme you have just downloaded to your desktop (it will be randomly named) Click the cog in the upper right Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan Allow AVP to delete all infections foundOnce it has finished select report tab (last tab)Select Detected threads report from the left and press Save buttonSave it to your desktop and post it in your next reply. Link to post Share on other sites More sharing options...
mstruzak Posted May 11, 2013 Author ID:678408 Share Posted May 11, 2013 For what it's worth, the second scan attempt with ESET went all the way to 695,479 files, and got stuck there, but had found 10 (benign) threats. I stopped it, here is the log (will get going on Kaspersky right away).C:\Users\Marcin\Documents\From anemone\Downloads\BitTorrent-6.3.exe a variant of Win32/Bundled.Toolbar.Ask.A applicationC:\Users\Marcin\Downloads\cnet2_BullzipPDFPrinter_4_0_0_463_zip.exe a variant of Win32/InstallCore.D applicationC:\Users\Marcin\Downloads\infrarecorder_34.exe a variant of Win32/InstallIQ applicationC:\Users\Upi\Documents\From anemone\Downloads\Tftpd32-3.51-setup.exe a variant of Win32/TFTPD32.A applicationC:\Users\Upi\Documents\From anemone\Downloads\tftpd32.351.zip a variant of Win32/TFTPD32.A applicationC:\Users\Upi\Documents\From anemone\My Downloads\SoftonicDownloader52393.exe a variant of Win32/SoftonicDownloader.A applicationC:\Users\Upi\Documents\From anemone\My Downloads\SoftonicDownloader64333 (1).exe a variant of Win32/SoftonicDownloader.A applicationC:\Users\Upi\Documents\From anemone\My Downloads\SoftonicDownloader64333.exe a variant of Win32/SoftonicDownloader.A applicationF:\software\Downloads\SmitfraudFix.zip Win32/Shutdown.NAA applicationF:\software\Downloads\SmitfraudFix\restart.exe Win32/Shutdown.NAA application Link to post Share on other sites More sharing options...
mstruzak Posted May 12, 2013 Author ID:678536 Share Posted May 12, 2013 AVPTool gets stuck at 1% (after 7h); rebooting the machine to get it unstuck... Link to post Share on other sites More sharing options...
mstruzak Posted May 12, 2013 Author ID:678538 Share Posted May 12, 2013 Upon restart of the computer, AVPTool wanted to install itself again, then the whole machine went through a hard reset. It came back again, AVPTool came back up to complete installation. I now kicked off a scan just like instructed... Link to post Share on other sites More sharing options...
mstruzak Posted May 12, 2013 Author ID:678540 Share Posted May 12, 2013 While scanning, MS Office Outlook complains "Either there is no default mail client or the current mail client cannot fulfill the messaging request. Please run Microsoft Outlook and set it as the default mail client." I never had Outlook installed on this particular account on this computer (it is installed & used on a second account), and I wonder what is this mysterious "messaging request"... Weird. AVPTool still scanning. Link to post Share on other sites More sharing options...
Maniac Posted May 12, 2013 ID:678634 Share Posted May 12, 2013 You have Microsoft Office, so could be from there. What is the situation now?The problem with ESET scanning is that you have no tick "Remove found threats". Link to post Share on other sites More sharing options...
mstruzak Posted May 12, 2013 Author ID:678655 Share Posted May 12, 2013 AVPTool is 93% complete, says it will finish in 47 minutes, but it's been at it for 14 hours, and seems to be stuck on c:\Windows\winsxs\x86_wwf-system.workflow.runtime_< ... 16-digit hex number ... >6.1.7601.17514_none_< ... 16-digit hex number ... >\System.Workflow.Runtime.dll - the same one as ESET on its first attempt. That file is only 528kb - there must be an issue as this has been sitting on it for the past 8 minutes. I'll let the countdown run to zero (39 min) and stop it then... Link to post Share on other sites More sharing options...
mstruzak Posted May 12, 2013 Author ID:678704 Share Posted May 12, 2013 Ok, after the countdown reached 0, it reset to 1h; I stopped it (X-out the window), logged off and shut-down; shut down got stuck, and I gave it the 5s hard reset. Upon restart Kaspersky again asked to continue install, came back up, and I restertad it as per your instructions. Now wait & see... Link to post Share on other sites More sharing options...
Maniac Posted May 12, 2013 ID:678743 Share Posted May 12, 2013 Please try with the last aditional scan:Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yetDouble-click on drweb-cureit.exe to start the program. An Express Scan of your PC notice will appear. Under Start the Express Scan Now, Click OK to start the scan.This is a short scan that will scan the files currently running in memory. If something is found, click the Yes button when it asks you if you want to cure it.Once the short scan has finished, Click Options > Change settingsChoose the Scan tab and UNcheck Heuristic analysisBack at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).Then click the Start/Stop Scanning button (green arrow on the right, and the scan will start.When finished, a message will be displayed at the bottom advising if any viruses were found.Click Yes to all if it asks if you want to cure/move the file.When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select Move incurable.(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)Next, in the Dr.Web CureIt menu on top, click file and choose save report list.Save the DrWeb.csv report to your Desktop.Exit Dr.Web Cureit when you have finished.Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report) Link to post Share on other sites More sharing options...
mstruzak Posted May 12, 2013 Author ID:678792 Share Posted May 12, 2013 Kaspersky is half way through - 52% at 4h26 with 3h to go; I will let it run, as it's zipping through files like there is no tomorrow. Will try DrWeb after it finishes (or gets stuck again). Link to post Share on other sites More sharing options...
Maniac Posted May 13, 2013 ID:679076 Share Posted May 13, 2013 Take your time! Link to post Share on other sites More sharing options...
Maniac Posted May 18, 2013 ID:681103 Share Posted May 18, 2013 What's new there? Link to post Share on other sites More sharing options...
mstruzak Posted May 20, 2013 Author ID:681838 Share Posted May 20, 2013 Ok, so Kaspersky never completed successfully. Moved onto CureIt, and it completed successfully, reporting a couple of benign issues here and there (tracking cookies & InstallIQ components). Nothing serious and potentially responsible for the very weird behavior! Any other ideas? Link to post Share on other sites More sharing options...
Maniac Posted May 20, 2013 ID:681856 Share Posted May 20, 2013 Any progress or not? What are the current problems? Link to post Share on other sites More sharing options...
mstruzak Posted May 23, 2013 Author ID:683107 Share Posted May 23, 2013 Problems:McAfee does not want to startStill multiple errors in Event Log (which on its own does not always fully come up)volsnap: The flush and hold writes operation on volume C: timed out while waiting for a release writes command.WMI: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.Disk: The driver detected a controller error on \Device\Harddisk1\DR1.volsnap: The shadow copies of volume J: were aborted during detection.SideBySide: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.BonjourService: Task Scheduling Error: m->NextScheduledSPRetry 4992Application: The program OUTLOOK.EXE version 14.0.6131.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e64 Start Time: 01ce574f2fbf5120 Termination Time: 352 Application Path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Report Id:Service Control Manager: The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.Service Control Manager: The McAfee Firewall Core Service service depends the following service: mfevtp. This service might not be installed.VSS: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {3832f6d5-3244-4eb5-ab96-3da6dce2b3b4}DistributedCOM: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.MsiInstaller: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Marcin\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.VSS: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy195\,0x80000000,0x00000003,...). hr = 0x8007045d, The request could not be performed because of an I/O device error. . Operation: Processing PreFinalCommitSnapshots Context: Execution Context: System ProviderVSS: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG. Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000000002C15D0). Operation: Get Shadow Copy Properties Context: Execution Context: CoordinatorVSS: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{b0968c50-753a-11e0-bcec-806e6f6e6963}\. The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully. ], Flush[0x00000000, The operation completed successfully. ], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced. ], OnRun[0x00000000, The operation completed successfully. ]. Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSetVSS: Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out. Error context: DeviceIoControl(\\?\Volume{b0968c50-753a-11e0-bcec-806e6f6e6963} - 00000000000001D0,0x0053c010,000000000064EC80,0,000000000126EA20,4096,[0]). Operation: Committing shadow copies Context: Execution Context: System Provider [*]Frequent issues when trying to log off or shut down Link to post Share on other sites More sharing options...
Maniac Posted May 23, 2013 ID:683116 Share Posted May 23, 2013 What is the result if you re-install McAfee? Link to post Share on other sites More sharing options...
Recommended Posts