
My system keeps attempting to access a blocked web site



From the other forum, they suggested that I post here. Since installing Malwarebytes, I keep getting a popup from my system tray that access to a web site is being blocked. This is happening at least once an hour, usually a few times an hour. Always the same IP is given for the blocked site. Type is 'outgoing' and process is chrome.exe.

As instructed I ran dds.com, and produced dds.txt and attach.txt. I am pasting the results of those two files here.

If you can offer me any recommendations, I would appreciate it.

Thank you!

Tom

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2010 4:37:07 AM
System Uptime: 6/25/2013 11:02:39 PM (11 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core i3 CPU       M 370  @ 2.40GHz | rBGA1288 Socket | 2399/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 222.99 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&BE28B39&1&03
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&BE28B39&1&03
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&BE28B39&1&04
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #2
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&BE28B39&1&04
Service: vwifimp
.
==== System Restore Points ===================
.
RP687: 6/10/2013 6:17:10 PM - Windows Update
RP688: 6/14/2013 11:41:27 AM - Windows Update
RP689: 6/17/2013 12:58:13 PM - Windows Update
RP690: 6/21/2013 3:48:13 PM - Windows Update
RP692: 6/21/2013 10:15:03 PM - Microsoft Antimalware Checkpoint
RP693: 6/24/2013 4:23:05 PM - Removed PL-2303 USB-to-Serial
RP694: 6/25/2013 10:49:46 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.21
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Agent Ransack 2010 (64-bit)
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
Audacity 2.0.2
Audible Download Manager
AudibleManager
Avery Template
Best Buy pc app
Beyond Compare Version 3.1.11
Bing Bar
Bonjour
Cobian Backup 10
Complitly
Configuration Manager Client
Copernic Desktop Search - Home
Crystal Reports Basic for Visual Studio 2008
Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
Crystal Reports for Visual Studio
Definition update for Microsoft Office 2010 (KB982726)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dotfuscator Software Services - Community Edition
Dropbox
Elf 1 Toolbar
Evernote v. 4.6.6
FFmpeg v0.6.2 for Audacity
Fitbit Base Station (Driver Removal)
Fitbit v1.3.3
Forefront TMG Client
Freecorder 5
Freecorder Toolbar
Freecorder Toolbar 3.0 Application
FreeMind
Garmin Training Center
Garmin USB Drivers
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GraphCalc v4.0.1
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile 2010
H&R Block Deluxe + Efile 2011
HexDump32
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2538241)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2455033)
HP FWUpdateEDO2
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Photo Creations
HP Photosmart 7510 series Basic Device Software
HP Photosmart 7510 series Help
HP Photosmart 7510 series Product Improvement Study
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
Intel PROSet Wireless
Intel WiMAX Tutorial
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® PROSet/Wireless WiMAX Software
Intel® Wireless Display
iPod2PC 3.9.4
iTunes
Java 7 Update 21
Java Auto Updater
Junk Mail filter update
LADSPA_plugins-win-0.4.15
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Books Online for SQL Server "Denali" CTP3
Microsoft Choice Guard
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft Device Emulator (64 bit) version 3.0 - ENU
Microsoft DirectAccess Connectivity Assistant
Microsoft Document Explorer 2008
Microsoft Easy Assist v2
Microsoft Forefront Endpoint Protection
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Endpoint Protection 2010 Baseline Components
Microsoft Forefront Endpoint Protection 2010 Server Management
Microsoft Help Viewer 1.1
Microsoft IntelliPoint 8.0
Microsoft IT BitLocker Setup
Microsoft IT DirectAccess Setup
Microsoft IT DirectAccess SHA (x64)
Microsoft IT TPM Crypto Provider
Microsoft IT VPN
Microsoft Lync 2010
Microsoft MSN MoneyCentral Stock Quotes Add-In for Excel
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Network Monitor: NetworkMonitor Parsers forSQLServer 3.4
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Single Image 2010
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Online Services Sign-in Assistant
Microsoft Policy Platform
Microsoft Product Studio 2.20
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Security Client
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SkyDrive
Microsoft SQL Server "Denali" CTP3
Microsoft SQL Server "Denali" CTP3 (64-bit)
Microsoft SQL Server "Denali" CTP3 RsFx Driver
Microsoft SQL Server "Denali" CTP3 Setup (English)
Microsoft SQL Server "Denali" Native Client CTP3
Microsoft SQL Server "Denali" Policies CTP3
Microsoft SQL Server "Denali" PowerPivot for Excel CTP3 32-bit
Microsoft SQL Server "Denali" T-SQL Compiler Service CTP3
Microsoft SQL Server "Denali" Transact-SQL ScriptDom CTP3
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Books Online
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft System CLR Types for SQL Server "Denali" CTP3 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Shell (Integrated) - ENU
Microsoft Visual Studio 2010 Shell (Isolated) - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Tools for Applications - DesignTime 3.0 ENU
Microsoft Visual Studio Tools for Applications - RunTime 3.0 x64 ENU
Microsoft Visual Studio Tools for Applications - RunTime 3.0 x86 ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft VSS Writer for SQL Server "Denali" CTP3
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
NetLogo 5.0
OpenOffice.org 3.3
ORCA
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PL-2303 USB-to-Serial
PlayReady PC Runtime amd64
PMB
QuickTime
Realtek High Definition Audio Driver
RICOH R5U230 Media Driver ver.2.10.03.02
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2251487)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)
Service Pack 2 for SQL Server 2008 (KB2285068) (64-bit)
Skype Click to Call
Skype™ 6.1
Source Depot Browser
SQL Server "Denali" CTP3 Analysis Services
SQL Server "Denali" CTP3 BI Development Studio
SQL Server "Denali" CTP3 Client Tools
SQL Server "Denali" CTP3 Common Files
SQL Server "Denali" CTP3 Data quality service
SQL Server "Denali" CTP3 Database Engine Services
SQL Server "Denali" CTP3 Database Engine Shared
SQL Server "Denali" CTP3 Full text search
SQL Server "Denali" CTP3 Integration Services
SQL Server "Denali" CTP3 Management Studio
SQL Server "Denali" CTP3 Master Data Services
SQL Server 2008 R2 Reporting Services
SQL Server 2008 R2 SP1 Analysis Services
SQL Server 2008 R2 SP1 BI Development Studio
SQL Server 2008 R2 SP1 Client Tools
SQL Server 2008 R2 SP1 Common Files
SQL Server 2008 R2 SP1 Database Engine Services
SQL Server 2008 R2 SP1 Database Engine Shared
SQL Server 2008 R2 SP1 Full text search
SQL Server 2008 R2 SP1 Integration Services
SQL Server 2008 R2 SP1 Management Studio
SQL Server 2008 R2 SP1 Reporting Services
SQL Server Browser for SQL Server "Denali" CTP3
Sql Server Customer Experience Improvement Program
Synaptics Pointing Device Driver
TCX Converter 2.0.29
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Value Line Investment Analyzer v3.0
VC Runtimes MSI
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x64 Runtime - (v9.0.30729.6161)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - v9.0.30729.4148
Visual C++ 2008 x64 Runtime - v9.0.30729.6161
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - v9.0.30729.4148
Visual C++ 2008 x86 Runtime - v9.0.30729.6161
Visual Studio .NET Prerequisites - English
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
Web Deployment Tool
WIDCOMM Bluetooth Software
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Mobile Device Center
XMind
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
6/26/2013 9:53:51 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
6/26/2013 9:52:57 AM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain REDMOND due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
6/25/2013 4:29:38 PM, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
6/25/2013 2:54:29 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.470.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/25/2013 2:49:34 PM, Error: FPMAgent [303]  - The Forefront Protection Manager agent has failed to load an asset protection technology adapter. Asset Protection Technology: SSA Error Code: 0x80070002
6/25/2013 2:49:34 PM, Error: FPMAgent [303]  - The Forefront Protection Manager agent has failed to load an asset protection technology adapter. Asset Protection Technology: AM Error Code: 0x80070002
6/25/2013 2:43:37 PM, Error: Microsoft-Windows-GroupPolicy [1055]  - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:  a) Name Resolution failure on the current domain controller.  b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
6/25/2013 2:43:35 PM, Error: Microsoft-Windows-Smartcard-Server [602]  - WDM Reader driver initialization cannot open reader device:  The system cannot find the path specified.
6/25/2013 2:28:34 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.470.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/25/2013 2:28:33 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.470.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024001f   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/25/2013 11:23:22 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
6/25/2013 11:23:22 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
6/25/2013 10:48:43 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.470.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/24/2013 3:44:21 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.470.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/24/2013 2:57:35 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.443.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/24/2013 2:51:01 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SMS Agent Host service to connect.
6/24/2013 2:51:01 PM, Error: Service Control Manager [7000]  - The SMS Agent Host service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/24/2013 2:48:27 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
6/24/2013 2:48:26 PM, Error: Service Control Manager [7022]  - The Application Virtualization Client service hung on starting.
6/23/2013 4:44:23 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.443.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/23/2013 4:05:35 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.372.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/23/2013 3:47:30 PM, Error: Service Control Manager [7022]  - The Intel® Management & Security Application User Notification Service service hung on starting.
6/21/2013 3:46:22 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.258.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/21/2013 3:36:37 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 87
6/21/2013 10:16:35 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.350.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/21/2013 10:16:03 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {B07C1D3E-637B-4C71-BC2F-06665F376A59}  and APPID  {AD65A69D-3831-40D7-9629-9B0B50A93843}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/20/2013 12:34:19 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.104.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
.
==== End Of File ===========================
 
dds.txt
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.21.2
Run by TomCon at 10:25:45 on 2013-06-26
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3824.1291 [GMT -7:00]
.
AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe
C:\Program Files (x86)\Fitbit\fitbit.exe
c:\Program Files\Microsoft Forefront\Forefront Endpoint Protection\2010\Agent\FPMAgent.exe
C:\Program Files (x86)\Forefront TMG Client\FwcAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft IT DirectAccess Setup\msitcertsvc.exe
C:\windows\system32\MsitTpmSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k regsvc
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\MsitBlSHA.Exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Fitbit\fitbit-tray.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\CCM\CcmExec.exe
C:\Program Files (x86)\Garmin\Training Center\gStart.exe
C:\Users\TomCon\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Forefront TMG Client\FwcMgmt.exe
C:\Users\TomCon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\windows\splwow64.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\DllHost.exe
C:\PROGRA~2\COPERN~1\DESKTO~1.EXE
C:\windows\explorer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SnippingTool.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = itgproxy.redmond.corp.microsoft.com:80
uProxyOverride = <local>
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
mURLSearchHooks: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
mWinlogon: Userinit = userinit.exe,
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\TomCon\AppData\Roaming\Complitly\Complitly.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
BHO: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Elf 1 Toolbar: {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
TB: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} - 
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
uRun: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe
uRun: [skyDrive] "C:\Users\TomCon\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Copernic Desktop Search - Home] "C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [DcaTray] C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\TomCon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\TomCon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\TomCon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\TomCon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MLBTVN~1.LNK - C:\Users\TomCon\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
StartupFolder: C:\Users\TomCon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FOREFR~1.LNK - C:\Program Files (x86)\Forefront TMG Client\FwcMgmt.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableAutoApproveHeuristics = dword:1
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
LSP: C:\Program Files (x86)\Forefront TMG Client\FwcWsp.dll
TCP: NameServer = 184.16.33.54 184.16.4.22
TCP: Interfaces\{283F5D85-D48A-4CBC-A2FE-114FD57AE10B} : DHCPNameServer = 184.16.33.54 184.16.4.22
TCP: Interfaces\{283F5D85-D48A-4CBC-A2FE-114FD57AE10B}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{283F5D85-D48A-4CBC-A2FE-114FD57AE10B}\451627569747F6E663 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{283F5D85-D48A-4CBC-A2FE-114FD57AE10B}\94E666F627D616E45647 : DHCPNameServer = 99.99.99.53 99.99.99.153
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\TomCon\AppData\Roaming\Complitly\64\Complitly64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Windows Mobile Device Center] C:\windows\WindowsMobile\wmdc.exe
x64-Run: [FCS Notify Icon] "c:\Program Files\Microsoft Forefront\Forefront Endpoint Protection\2010\UX\FEPClientUI.exe" -IconOnly
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-10-12 482384]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2010-10-24 189440]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\windows\System32\drivers\nm3.sys [2010-6-9 46392]
R1 RsFx0151;RsFx0151 Driver;C:\windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2010-11-1 67584]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DcaSvc;DirectAccess Connectivity Assistant Service;C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [2011-4-14 122768]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-3-17 408576]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2011-2-9 779896]
R2 FPMAgent;Microsoft Forefront Protection Manager Agent;C:\Program Files\Microsoft Forefront\Forefront Endpoint Protection\2010\Agent\FPMAgent.exe [2010-4-8 340848]
R2 FwcAgent;Forefront TMG Client Agent;C:\Program Files (x86)\Forefront TMG Client\FwcAgent.exe [2009-10-14 275424]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-24 701512]
R2 MsitBlSHA;MsitBlSHA;C:\windows\System32\MsitBlSHA.Exe [2010-3-8 130048]
R2 MSITDACertMgr;Microsoft IT DirectAccess Service ;C:\Program Files (x86)\Microsoft IT DirectAccess Setup\msitcertsvc.exe [2011-2-17 18944]
R2 MsitTpmSvc;MSIT TPM Security Service;C:\windows\System32\MsitTpmSvc.exe [2011-1-19 79360]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-2-23 2061728]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 risdpcie;risdpcie;C:\windows\System32\drivers\risdpe64.sys [2010-10-12 81920]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-5 92632]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2010-4-23 259440]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-12 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\drivers\bcbtums.sys [2012-3-2 163368]
R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\drivers\btwampfl.sys [2013-2-14 594472]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2013-2-14 39976]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\System32\drivers\e1k62x64.sys [2011-7-20 342704]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-10-12 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-24 25928]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2010-9-14 760168]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2010-9-14 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2010-9-14 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2010-9-14 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-12 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
S3 cxbu0x64;OMNIKEY 3x21;C:\windows\System32\drivers\cxbu0x64.sys [2011-9-6 177920]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-6-10 57344]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-6-10 57344]
S3 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-17 210784]
S3 MsDtsServer110;SQL Server Integration Services 11.0;C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [2011-6-14 201216]
S3 MSOLAP$DENALI;SQL Server Analysis Services (DENALI);C:\Program Files\Microsoft SQL Server\MSAS11.DENALI\OLAP\bin\msmdsrv.exe [2011-6-14 62665728]
S3 MSOLAP$DENALIX86;SQL Server Analysis Services (DENALIX86);C:\Program Files (x86)\Microsoft SQL Server\MSAS11.DENALIX86\OLAP\bin\msmdsrv.exe [2011-6-14 47510528]
S3 MSSQL$DENALI;SQL Server (DENALI);C:\Program Files\Microsoft SQL Server\MSSQL11.DENALI\MSSQL\Binn\sqlservr.exe [2011-6-14 217600]
S3 MSSQLFDLauncher$DENALI;SQL Full-text Filter Daemon Launcher (DENALI);C:\Program Files\Microsoft SQL Server\MSSQL11.DENALI\MSSQL\Binn\fdlauncher.exe [2011-6-14 34304]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-2-24 78336]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-2-24 181248]
S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-10-12 35008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2011-9-7 20992]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960]
S3 SIUSBXP;SIUSBXP;C:\windows\System32\drivers\SiUSBXp.sys [2011-2-9 16384]
S3 SQLAgent$DENALI;SQL Server Agent (DENALI);C:\Program Files\Microsoft SQL Server\MSSQL11.DENALI\MSSQL\Binn\SQLAGENT.EXE [2011-6-14 577536]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-5-10 836016]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-9-7 59392]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-10-27 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 CmRcService;Configuration Manager Remote Control;C:\Windows\CCM\RemCtrl\CmRcService.exe [2011-8-9 579440]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0103;RsFx0103 Driver;C:\windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 RsFx0200;RsFx0200 Driver;C:\windows\System32\drivers\RsFx0200.sys [2011-6-14 326496]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]
.
=============== Created Last 30 ================
.
2013-06-26 05:51:01 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2066AAF-6ED7-4614-A0E7-EA492FD31328}\mpengine.dll
2013-06-24 22:06:28 -------- d-----w- C:\Users\TomCon\AppData\Roaming\Malwarebytes
2013-06-24 22:06:13 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-24 22:06:10 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-06-24 22:06:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-24 22:05:55 -------- d-----w- C:\Users\TomCon\AppData\Local\Programs
2013-06-24 19:56:36 -------- d-----w- C:\Users\TomCon\AppData\Local\CRE
2013-06-24 19:55:22 -------- d-----w- C:\Users\TomCon\AppData\Local\SwvUpdater
.
==================== Find3M  ====================
.
2013-06-11 18:59:47 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 18:59:47 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-18 04:12:03 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-18 04:11:57 866720 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2013-05-18 04:11:57 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 10:31:35.99 ===============
 

 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


OK, thanks much for looking at this and working with me.

 

I did download and run the scanner you mentioned, and did not remove anything, just closed it when it finished.

 

Here is the output of the log file that ends up on the desktop.

 

So...let me know what the next step is!

 

Also, at the end of the scan, IE opened to the following URL.  I just closed the IE window.  I hope it is not a further problem that it launched like that.  This is the URL that was opened: 

http://tigzyrk.blogspot.fr/2011/12/ransomware-gendarmerie-nationale.html

 

 

Thanks!

 

Tom

 

Content of RKreport[0]_S_06262013_163624.txt
 
RogueKiller V8.6.1 [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TomCon [Admin rights]
Mode : Scan -- Date : 06/26/2013 16:36:24
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (itgproxy.redmond.corp.microsoft.com:80) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 6 ¤¤¤
[V2][sUSP PATH] CHV3 : C:\windows\Temp\ClientHealth\HealthMonitor\MSCH_2.BAT [-] -> FOUND
[V2][sUSP PATH] Microsoft IT DirectAccess - DNS Suffix Search List : cscript - "%SystemRoot%\msitda-searchlist.vbs" [x][-] -> FOUND
[V2][sUSP PATH] Microsoft IT DirectAccess - Install or Update Software : \\msitda-server\MsitDaInstall\msit_da_install.bat - > C:\windows\msitda_copy.txt 2>&1 [x][-] -> FOUND
[V2][sUSP PATH] OnlineMonitor : C:\windows\Temp\ClientHealth\OnlineMonitor\OnlineMonitor_2.BAT [-] -> FOUND
[V2][Rans.Gendarm] Update : update.cmd -> FOUND
[V2][sUSP PATH] Disconnect : netsh - ipsec static importpolicy file="%ALLUSERSPROFILE%\Microsoft\Network\Connections\Cm\MSITVPN\MSITVPN.ipsec" [x][x][x][-] -> FOUND
 
¤¤¤ Startup Entries : 10 ¤¤¤
[Default][sUSP PATH] Best Buy pc app.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
[Default User][sUSP PATH] Best Buy pc app.lnk : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
[MsDtsServer110][sUSP PATH] Best Buy pc app.lnk : C:\Users\MsDtsServer110\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
[MSOLAP$DENALI][sUSP PATH] Best Buy pc app.lnk : C:\Users\MSOLAP$DENALI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
[MSOLAP$DENALIX86][sUSP PATH] Best Buy pc app.lnk : C:\Users\MSOLAP$DENALIX86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
[MSSQL$DENALI][sUSP PATH] Best Buy pc app.lnk : C:\Users\MSSQL$DENALI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
[MSSQLFDLauncher$DENALI][sUSP PATH] Best Buy pc app.lnk : C:\Users\MSSQLFDLauncher$DENALI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
[TEMP][sUSP PATH] Best Buy pc app.lnk : C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
[TomCon][sUSP PATH] MLB.TV NexDef Plug-in.lnk : C:\Users\TomCon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk @C:\Users\TomCon\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [-][x] -> FOUND
[v-cyande][sUSP PATH] Best Buy pc app.lnk : C:\Users\v-cyande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : Rans.Gendarm ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] f6814d6e9753da5f87822f00cd15d323
[bSP] c0432674fa546c6dc8809e05856d8452 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 465298 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 956004352 | Size: 10141 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_06262013_163624.txt >>
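
Added example (not part of the original posts and not RogueKiller's own code): a small Python parser for the report layout shown above that separates entries tagged with the family named in the `Infection` header from the generic flags, which is the distinction behind the helper's "they're not all bad" caution. It assumes the `¤¤¤ Section : count ¤¤¤` headers and `-> FOUND` entry lines seen in this report; the function names are hypothetical and the sample lines are copied from the post.

```python
import re

# Lines copied from the RogueKiller report in the post above
# (the Startup Entries section is left out to keep the sample short).
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (itgproxy.redmond.corp.microsoft.com:80) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 6 ¤¤¤
[V2][sUSP PATH] CHV3 : C:\windows\Temp\ClientHealth\HealthMonitor\MSCH_2.BAT [-] -> FOUND
[V2][sUSP PATH] Microsoft IT DirectAccess - DNS Suffix Search List : cscript - "%SystemRoot%\msitda-searchlist.vbs" [x][-] -> FOUND
[V2][sUSP PATH] Microsoft IT DirectAccess - Install or Update Software : \\msitda-server\MsitDaInstall\msit_da_install.bat - > C:\windows\msitda_copy.txt 2>&1 [x][-] -> FOUND
[V2][sUSP PATH] OnlineMonitor : C:\windows\Temp\ClientHealth\OnlineMonitor\OnlineMonitor_2.BAT [-] -> FOUND
[V2][Rans.Gendarm] Update : update.cmd -> FOUND
[V2][sUSP PATH] Disconnect : netsh - ipsec static importpolicy file="%ALLUSERSPROFILE%\Microsoft\Network\Connections\Cm\MSITVPN\MSITVPN.ipsec" [x][x][x][-] -> FOUND

¤¤¤ Infection : Rans.Gendarm ¤¤¤
"""

# "¤¤¤ <section name> : <count or text> ¤¤¤"
SECTION_RE = re.compile(r"^¤¤¤\s*([^:¤]+?)\s*:\s*(.*?)\s*¤¤¤$")
# "[tag][tag] <item> : <target> -> FOUND"
ENTRY_RE = re.compile(r"^((?:\[[^\]]*\])+)\s*(.*?)\s*->\s*FOUND$")


def parse_report(text):
    """Split a report into sections with their declared counts and entries."""
    report = {"sections": {}, "infections": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            name, value = header.group(1), header.group(2)
            if name.lower() == "infection":
                # Assumption: the header carries one family name, as in this report.
                if value:
                    report["infections"].append(value)
                current = None
                continue
            declared = int(value) if value.isdigit() else None
            current = report["sections"].setdefault(
                name, {"declared": declared, "entries": []}
            )
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            tags = re.findall(r"\[([^\]]*)\]", entry.group(1))
            item, _, target = entry.group(2).partition(" : ")
            current["entries"].append(
                {"tags": tags, "item": item.strip(), "target": target.strip()}
            )
    return report


def triage(report):
    """Bucket entries: tagged with a named family vs. generic flags to review.

    Also lists sections whose declared count differs from the number of
    parsed entries, which points at a truncated or edited paste.
    """
    families = {name.lower() for name in report["infections"]}
    result = {"named": [], "review": [], "count_mismatch": []}
    for name, section in report["sections"].items():
        declared = section["declared"]
        if declared is not None and declared != len(section["entries"]):
            result["count_mismatch"].append(name)
        for entry in section["entries"]:
            # Case-insensitive match: forum software altered tag casing in the paste.
            named = any(tag.lower() in families for tag in entry["tags"])
            bucket = "named" if named else "review"
            result[bucket].append((name, entry["item"], entry["target"]))
    return result


if __name__ == "__main__":
    outcome = triage(parse_report(SAMPLE_REPORT))
    for section, item, target in outcome["named"]:
        print(f"NAMED  {section}: {item} -> {target}")
    for section, item, target in outcome["review"]:
        print(f"REVIEW {section}: {item}")
    print("count mismatches:", outcome["count_mismatch"])
```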
 
 
 
 

OK......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Encountered possible PROBLEM/ISSUE.  A screen shot is attached.

 

After running the scan, which appeared to run fine, now, both the Previous and the Next buttons are grayed out.  Malware was found! Only 'Cancel' is possible to use.  The app is not completely dead, though, as I can scroll the scrollbar, and move the window.  But, I have waited quite a while and the state is not changing.

I think I may just use the Cancel and then try running it again, though I can wait a little while to see if I hear anything differently.

 

Thanks,

Tom

 


FYI, I did stop this despite an alert that warned about danger of aborting scan in progress.  Have now restarted.  I now see that this takes a VERY LONG time and at times appears to be dead.  It seems to go through periods of using no CPU or disk I/O (looking at process in task manager), but then seems to wake up again.  It's been running about 3 hours now, but I don't know what percent of complete that represents.  My C drive has 247 GB in use.  This app does not seem to want to use up much of the available CPU.  Usually only 6-8%, while not much else other than systems processes are running.

 

I'll check it again in the morning!

 

Thanks!

 

Tom


Download and run CCleaner to clean out temp files: (you may want to un-check cookies)

http://www.piriform.com/ccleaner <---download
http://www.howtogeek.com/113382/how-to-use-ccleaner-like-a-pro-9-tips-tricks/ <---CCleaner tutorial

Then......

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC


Thanks very much for all the easy-to-follow, step by step help.  Do you think I am done??

It appears that my system is cleaned.  Have not seen that "web site blocked" popup for a little while, though I think I would like to not see it for a day or so before concluding that all is clear.

I ran the mbar program twice.  First time four threats were removed, second time 0.

I then ran Malwarebytes, quick scan, and no threats were detected.

I have attached the log files from the above.

Please let me know if you think there is anything more that I need to do.

 

Thanks again for all the help!

 

Tom

 

 


mbar-log-2013-06-27 (08-56-10).txt

mbar-log-2013-06-27 (00-42-33).txt

mbam-log-2013-06-27 (15-27-00).txt


Please relax, we're far from done.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


OK...Next:

Please download AdwCleaner from here and save it on your Desktop.

 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


Lots of adware found....let's clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK if asked.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

OK.  It marches along.

 

One interesting thing to note, that even BEFORE the adware removal step, I had not gotten a warning about accessing the IP address during a few hours of PC use (while previously it was happening at least a few times an hour).  Perhaps the previous step was the one that removed the offending issues.  We shall see.  At any rate, now has been maybe a half hour since reboot after adware removal, and also have not seen a blocked attempt.

 

At any rate, here are the logs from the last two steps.

 

Thanks much, once again!

 

Let me know what you think.

 

Tom

 

 

 

Adware Cleaner
 
# AdwCleaner v2.303 - Logfile created 06/28/2013 at 12:59:55
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : TomCon - TOMCON-PC
# Boot Mode : Normal
# Running from : C:\Users\TomCon\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Users\TomCon\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\END
File Deleted : C:\user.js
File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk
Folder Deleted : C:\Program Files (x86)\Elf_1
Folder Deleted : C:\Program Files (x86)\Freecorder
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Backup\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Backup\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Backup\AppData\LocalLow\Elf_1
Folder Deleted : C:\Users\Backup\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Campaign\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Campaign\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Campaign\AppData\LocalLow\Elf_1
Folder Deleted : C:\Users\Campaign\AppData\LocalLow\Freecorder
Folder Deleted : C:\Users\Campaign\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Campaign\Documents\Freecorder
Folder Deleted : C:\Users\DaleS\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\DaleS\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\DaleS\AppData\LocalLow\Elf_1
Folder Deleted : C:\Users\DaleS\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\TomCon\AppData\Local\Conduit
Folder Deleted : C:\Users\TomCon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Folder Deleted : C:\Users\TomCon\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Deleted : C:\Users\TomCon\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\TomCon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\TomCon\AppData\LocalLow\Elf_1
Folder Deleted : C:\Users\TomCon\AppData\LocalLow\Freecorder
Folder Deleted : C:\Users\TomCon\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\TomCon\AppData\Roaming\Complitly
Folder Deleted : C:\Users\TomCon\Documents\Freecorder
Folder Deleted : C:\Users\v-TomCon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\v-TomCon\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\v-TomCon\AppData\LocalLow\Elf_1
Folder Deleted : C:\Users\v-TomCon\AppData\LocalLow\PriceGong
 
***** [Registry] *****
 
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\TomCon\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
*************************
 
AdwCleaner[R1].txt - [12336 octets] - [28/06/2013 11:23:26]
AdwCleaner[s1].txt - [317 octets] - [28/06/2013 12:58:08]
AdwCleaner[s2].txt - [12358 octets] - [28/06/2013 12:59:55]
 
########## EOF - C:\AdwCleaner[s2].txt - [12419 octets] ##########
 
Checkup.txt
 
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Forefront Endpoint Protection   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials msseces.exe 
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Microsoft Security Client Antimalware MsMpEng.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Microsoft Security Client Antimalware NisSrv.exe  
 Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE 
 Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

 


Good, a little reading on IP blocking:

http://forums.malwarebytes.org//index.php?showtopic=21076&st=0#entry107310

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


Java 7 Update 21<------- Please update, should be Update 25

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-------------------------------------------

Adobe Reader 10.1.7 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

----------------------------------------

Google Chrome 27.0.1453.110 <-----OLD
Google Chrome 27.0.1453.116 <-----OK

You have old versions of Google Chrome on the system.
Please download and run OldChromeRemover.
@Windows Vista/Windows 7-8 users must use “Run As Administrator.”

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
