
Block Incoming svchost.exe


There are multiple Malwarebytes PRO blocks of svchost.exe from IP 91.206.200.51. I recently submitted an inquiry to Customer Support; however, the frequency of the blocks has increased exponentially and I'm too paranoid to wait till Monday (the reply period for an inquiry is typically one business day). I apologize if this topic is redundant.

 

DDS file:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by ---- at 14:58:44 on 2013-10-05
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2999.1657 [GMT -5:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [instaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [CanonQuickMenu] c:\program files\canon\quick menu\CNQMMAIN.EXE /logon
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\thinhv~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

TCP: Interfaces\{0A573783-F2B3-4001-99E8-7541FCD29E71} : DHCPNameServer = 10.50.0.1
TCP: Interfaces\{0ED75CE9-BD49-4492-8E80-AD7086B51E8C} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0ED75CE9-BD49-4492-8E80-AD7086B51E8C}\254545D21313 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0ED75CE9-BD49-4492-8E80-AD7086B51E8C}\2656C6B696E6E2636343 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0ED75CE9-BD49-4492-8E80-AD7086B51E8C}\2656C6B696E6E2935363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0ED75CE9-BD49-4492-8E80-AD7086B51E8C}\34F6D65647E45647 : DHCPNameServer = 10.182.70.24 10.180.14.69
TCP: Interfaces\{0ED75CE9-BD49-4492-8E80-AD7086B51E8C}\4586560254675637 : DHCPNameServer = 10.50.0.1
TCP: Interfaces\{0ED75CE9-BD49-4492-8E80-AD7086B51E8C}\5545447457563747 : DHCPNameServer = 10.23.0.1 77.200.191.103
TCP: Interfaces\{0ED75CE9-BD49-4492-8E80-AD7086B51E8C}\839373E493 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\thinh vo\appdata\roaming\mozilla\firefox\profiles\mg24ndcg.default-1379391981732\

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\my image garden\addon\cig\npmigfpi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: 2013-09-16 23:30; firefox@ghostery.com; c:\users\thinh vo\appdata\roaming\mozilla\firefox\profiles\mg24ndcg.default-1379391981732\extensions\firefox@ghostery.com.xpi
FF - ExtSQL: 2013-09-16 23:33; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\thinh vo\appdata\roaming\mozilla\firefox\profiles\mg24ndcg.default-1379391981732\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-2 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-5-2 145040]
R1 pfmfs_359;pfmfs_359;c:\windows\system32\drivers\pfmfs_359.sys [2010-5-14 185048]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2013-5-2 356376]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-2-26 26168]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-29 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-29 701512]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-10-13 4867952]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-10-13 414576]
R3 clwvd;HP Webcam Splitter;c:\windows\system32\drivers\clwvd.sys [2010-7-30 29168]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-5-2 25944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-5-2 25944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-29 22856]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2010-5-14 150048]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;"c:\program files\mcafee\siteadvisor enterprise\mcsacore.exe" --> c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2011-3-7 32256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-20 15872]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-14 181792]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-20 52224]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-10-13 16240]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-14 1343400]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-10-05 16:17:51    7328304    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{084bc1e1-03a8-4aa3-b957-d2ef67ad6873}\mpengine.dll
2013-09-30 03:05:43    --------    d-----w-    c:\users\thinh vo\appdata\roaming\Malwarebytes
2013-09-30 03:05:40    --------    d-----w-    c:\programdata\Malwarebytes
2013-09-30 03:05:39    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-09-30 03:05:39    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-09-29 19:18:31    --------    d-----w-    c:\programdata\Oracle
2013-09-29 19:18:00    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-09-29 18:56:37    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-29 18:34:08    --------    d-----w-    C:\AdwCleaner
2013-09-29 18:26:13    --------    d-----w-    c:\windows\ERUNT
2013-09-17 19:26:20    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-09-17 19:03:11    --------    d-----w-    c:\users\thinh vo\appdata\local\temp
2013-09-13 03:10:11    133056    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-09-13 03:10:03    2348544    ----a-w-    c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2013-09-29 19:17:52    868264    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-09-29 19:17:52    790440    ----a-w-    c:\windows\system32\deployJava1.dll
2013-09-20 17:46:10    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 17:46:10    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-10 03:59:10    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-08-10 03:58:09    2876928    ----a-w-    c:\windows\system32\jscript9.dll
2013-08-10 03:58:06    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-08-10 03:58:06    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-08-10 03:07:50    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-08-10 02:17:19    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-08-07 09:22:04    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-08-02 01:50:36    169984    ----a-w-    c:\windows\system32\winsrv.dll
2013-08-02 01:49:19    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57    271360    ----a-w-    c:\windows\system32\conhost.exe
2013-08-02 00:43:05    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-27 05:49:38    44000    ----a-w-    c:\windows\system32\drivers\kltdi.sys
2013-07-27 05:09:20    257820160    ----a-w-    C:\backup file.reg
2013-07-25 08:57:27    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41:01    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-09 05:03:34    3968960    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53:46    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-07-09 04:52:10    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-09 04:50:42    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-07-09 04:46:31    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    c:\windows\system32\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    c:\windows\system32\cryptnet.dll
.
============= FINISH: 14:58:55.54 ===============
 

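Added example (not part of the original post, and not a Malwarebytes tool): a Python script that takes the output of `netstat -ano` and `tasklist /svc`, two commands available on a stock Windows 7 machine, and answers the triage question behind an "incoming svchost.exe" block: which svchost.exe PID the remote address reached, which Windows services are hosted in that PID (the DDS log above shows fourteen separate `svchost.exe -k` groups, so the process name alone says nothing), and whether the connection was inbound to a listening port or outbound from an ephemeral port. The embedded netstat and tasklist samples are constructed; the PIDs, ports and service groupings in them are assumptions, and the only value taken from the thread is the IP 91.206.200.51 used as the default argument. On the affected machine, run it with the IP as the first argument; anywhere else, or with `--sample`, it runs against the embedded sample data.

```python
"""Map a remote IP from an IP-block alert to the local process that talked to
it and, for svchost.exe, to the services hosted in that PID.

Added example, not code from the original post or from Malwarebytes. It parses
the text output of `netstat -ano` and `tasklist /svc`, both present on a stock
Windows 7 machine. The sample outputs below are constructed: their PIDs, ports
and service groupings are assumptions, not data from the thread.
"""
import re
import subprocess
import sys

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1012
  TCP    192.168.2.5:3389       91.206.200.51:51522    ESTABLISHED     1012
  TCP    192.168.2.5:49711      91.206.200.51:80       ESTABLISHED     1320
  UDP    0.0.0.0:5355           *:*                                    1004
"""

SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
svchost.exe                    812 RpcEptMapper, RpcSs
svchost.exe                   1004 Dnscache, FDResPub
svchost.exe                   1012 CryptSvc, LanmanWorkstation, NlaSvc, TermService,
                                   WinRM
firefox.exe                   1320 N/A
"""

_NETSTAT_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def _endpoint(ep):
    """'192.168.2.5:3389' -> ('192.168.2.5', 3389); '*:*' -> ('*', None)."""
    host, _, port = ep.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """One dict per socket row of `netstat -ano`; header lines are skipped."""
    rows = []
    for m in filter(None, map(_NETSTAT_ROW.match, text.splitlines())):
        proto, local, remote, state, pid = m.groups()
        (lhost, lport), (rhost, rport) = _endpoint(local), _endpoint(remote)
        rows.append({"proto": proto, "lhost": lhost, "lport": lport, "rhost": rhost,
                     "rport": rport, "state": state or "", "pid": int(pid)})
    return rows


def parse_tasklist(text):
    """{pid: (image, [services])} from `tasklist /svc`. Long service lists wrap
    onto lines indented to the Services column; those are appended to the
    previous PID."""
    procs, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue
        if line[0].isspace() and last is not None:          # wrapped services
            procs[last][1].extend(s.strip() for s in line.split(",") if s.strip())
            continue
        m = re.match(r"^(.+?)\s+(\d+)\s+(.*)$", line)
        if m:
            svcs = m.group(3).strip()
            last = int(m.group(2))
            procs[last] = (m.group(1).strip(),
                           [] if svcs == "N/A" else [s.strip() for s in svcs.split(",") if s.strip()])
    return procs


def connections_to(remote_ip, netstat_text, tasklist_text):
    """Every socket talking to remote_ip with its owning image and services.
    'inbound' means the same PID also LISTENs on that local port (the remote
    side connected to us); otherwise the local side opened the connection."""
    rows, procs = parse_netstat(netstat_text), parse_tasklist(tasklist_text)
    listening = {(r["pid"], r["proto"], r["lport"]) for r in rows if r["state"] == "LISTENING"}
    out = []
    for r in (r for r in rows if r["rhost"] == remote_ip):
        image, services = procs.get(r["pid"], ("<unknown>", []))
        inbound = (r["pid"], r["proto"], r["lport"]) in listening
        out.append(dict(r, image=image, services=services,
                        direction="inbound" if inbound else "outbound"))
    return out


def exposed_svchost_ports(netstat_text, tasklist_text):
    """(proto, port) -> (pid, services) for TCP listeners and bound UDP sockets
    owned by svchost.exe. This is what to look at when the block fired before a
    connection completed and netstat shows nothing for the remote address."""
    procs = parse_tasklist(tasklist_text)
    exposed = {}
    for r in parse_netstat(netstat_text):
        image, services = procs.get(r["pid"], ("", []))
        if image.lower() == "svchost.exe" and (r["state"] == "LISTENING" or r["proto"] == "UDP"):
            exposed[(r["proto"], r["lport"])] = (r["pid"], services)
    return exposed


if __name__ == "__main__":
    ip = next((a for a in sys.argv[1:] if not a.startswith("--")), "91.206.200.51")
    if sys.platform == "win32" and "--sample" not in sys.argv:
        netstat = subprocess.check_output(["netstat", "-ano"]).decode(errors="replace")
        tasklist = subprocess.check_output(["tasklist", "/svc"]).decode(errors="replace")
    else:
        netstat, tasklist = SAMPLE_NETSTAT, SAMPLE_TASKLIST
    for f in connections_to(ip, netstat, tasklist):
        print("%(direction)-8s %(proto)s %(lport)s <- %(rhost)s:%(rport)s  pid=%(pid)s %(image)s %(services)s" % f)
    for (proto, port), (pid, services) in sorted(exposed_svchost_ports(netstat, tasklist).items()):
        print("exposed  %s/%s pid=%s %s" % (proto, port, pid, ", ".join(services)))
```

Two caveats when using this on a live box. An IP-block alert is raised by the filter driver, so by the time you run netstat the connection may already be gone or may never have completed; in that case `exposed_svchost_ports` is the useful half, because it tells you which svchost-hosted services were actually reachable from the network. And a block on `svchost.exe` for an inbound connection is consistent with a listening Windows service being probed from outside, which is a different problem from malware on the machine dialling out; the direction field is what separates the two.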

Attach file:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/14/2010 7:33:49 PM
System Uptime: 10/5/2013 2:50:53 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 140A
Processor: Intel® Core i5 CPU       M 430  @ 2.27GHz | CPU | 2267/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 241.879 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: ENE CIR Receiver
Device ID: ACPI\ENE0100\3&11583659&0
Manufacturer: ENECIR Devices
Name: ENE CIR Receiver
PNP Device ID: ACPI\ENE0100\3&11583659&0
Service: enecir
.
==== System Restore Points ===================
.
RP342: 9/17/2013 2:18:16 PM - ComboFix created restore point
RP343: 9/17/2013 7:35:42 PM - Windows Update
RP344: 9/26/2013 8:20:30 PM - Windows Update
RP345: 9/29/2013 2:15:41 PM - Removed Java 7 Update 25
RP346: 9/29/2013 2:17:42 PM - Installed Java 7 Update 40
RP347: 10/3/2013 8:54:57 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bamboo
Belkin Setup and Router Monitor
Bonjour
Canon Easy-WebPrint EX
Canon IJ Scan Utility
Canon MG2200 series MP Drivers
Canon MG2200 series On-screen Manual
Canon MG2200 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
CCleaner
Chinese Simplified Fonts Support For Adobe Reader 9
Combined Community Codec Pack 2011-11-11
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Fable III
FanFictionDownloader version 0.7.2
FireAlpaca 1.0.41
Foxit Reader
HP MediaSmart Webcam
Intel® Matrix Storage Manager
iTunes
Java 7 Update 40
Java Auto Updater
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee SiteAdvisor Enterprise Plus
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual J# 2.0 Redistributable Package
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Pismo File Mount Audit Package
Realtek USB2.0&PCIE Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
9/29/2013 1:56:18 PM, Error: mbamchameleon [61440]  -
10/5/2013 2:53:23 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/5/2013 2:53:23 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/5/2013 2:53:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/5/2013 2:53:09 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/5/2013 2:53:06 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/5/2013 2:53:06 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
10/5/2013 2:51:12 PM, Error: Service Control Manager [7000]  - The McAfee SiteAdvisor Enterprise Service service failed to start due to the following error:  The system cannot find the file specified.
10/5/2013 2:50:14 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
10/5/2013 11:15:56 AM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147014847
10/5/2013 11:12:07 AM, Error: Service Control Manager [7000]  - The Windows Activation Technologies Service service failed to start due to the following error:  Access is denied.
10/5/2013 11:11:40 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "5" attempting to start the service WatAdminSvc with arguments "" in order to run the server: {F02602C4-3C2A-473B-B35E-679A0076A4A5}
.
==== End Of File ===========================
 


Run the following:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by ---- (administrator) on ----PC on 05-10-2013 15:34:58
Running from C:\Users\Thinh Vo\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(CyberLink) C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [instaLAN] - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [CanonQuickMenu] - C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-02] (Kaspersky Lab ZAO)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Thinh Vo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0F5B2EE5416CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.50.0.1

FireFox:
========
FF ProfilePath: C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\mg24ndcg.default-1379391981732

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.5 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: firefox - C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\mg24ndcg.default-1379391981732\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\mg24ndcg.default-1379391981732\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-02] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Enterprise Service; "C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [29168 2010-07-30] (Windows ® Win 7 DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-05-02] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2013-05-02] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2013-05-02] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-07-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-05-02] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 pfmfs_359; C:\Windows\System32\Drivers\pfmfs_359.sys [185048 2009-10-14] (Pismo Technic Inc.)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [150048 2009-11-12] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\Users\THINHV~1\AppData\Local\Temp\catchme.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-05-02] (Kaspersky Lab ZAO)
S3 RTSTOR; system32\drivers\RTSTOR.SYS [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 XDva396; \??\C:\Windows\system32\XDva396.sys [x]
U3 mbr; \??\C:\Users\THINHV~1\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-05 15:34 - 2013-10-05 15:34 - 00000000 ____D C:\FRST
2013-10-05 15:33 - 2013-10-05 15:33 - 01087213 _____ (Farbar) C:\Users\Thinh Vo\Downloads\FRST.exe
2013-10-05 14:59 - 2013-10-05 14:59 - 00010515 _____ C:\Users\Thinh Vo\Desktop\attach.txt
2013-10-05 14:59 - 2013-10-05 14:58 - 00018142 _____ C:\Users\Thinh Vo\Desktop\dds.txt
2013-10-05 14:13 - 2013-10-05 14:13 - 00688992 ____R (Swearware) C:\Users\Thinh Vo\Downloads\dds.scr
2013-10-05 13:46 - 2013-10-05 13:46 - 04369632 _____ (Piriform Ltd) C:\Users\Thinh Vo\Downloads\ccsetup406.exe
2013-10-05 11:22 - 2013-10-05 11:22 - 01528184 _____ (Microsoft Corporation) C:\Users\Thinh Vo\Downloads\GenuineCheck.exe
2013-10-01 21:57 - 2013-10-01 22:03 - 00142064 _____ (Raimond Eisele                                              ) C:\Users\Thinh Vo\Downloads\ffdl-win-port.exe.part
2013-09-29 22:05 - 2013-09-29 22:05 - 00001023 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-29 22:05 - 2013-09-29 22:05 - 00000000 ____D C:\Users\Thinh Vo\AppData\Roaming\Malwarebytes
2013-09-29 22:05 - 2013-09-29 22:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-29 22:05 - 2013-09-29 22:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-29 22:05 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-29 21:59 - 2013-09-29 22:00 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Thinh Vo\Downloads\mbam-clean-1.60.2.0003.exe
2013-09-29 21:49 - 2013-09-29 21:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Thinh Vo\Downloads\mbam-consumer.exe
2013-09-29 14:18 - 2013-09-29 14:18 - 00000000 ____D C:\ProgramData\Oracle
2013-09-29 14:18 - 2013-09-29 14:18 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-29 14:18 - 2013-09-29 14:17 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-29 14:18 - 2013-09-29 14:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-29 14:18 - 2013-09-29 14:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-29 14:18 - 2013-09-29 14:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-29 14:14 - 2013-09-29 14:14 - 00000000 ____D C:\Users\Thinh Vo\AppData\Roaming\Oracle
2013-09-29 13:56 - 2013-09-29 14:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-29 13:34 - 2013-09-29 13:35 - 00000000 ____D C:\AdwCleaner
2013-09-29 13:26 - 2013-09-29 13:26 - 00000000 ____D C:\Windows\ERUNT
2013-09-18 18:55 - 2013-09-18 18:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 14:03 - 2013-09-17 14:03 - 00011250 _____ C:\ComboFix.txt
2013-09-17 13:54 - 2013-09-17 14:17 - 00000000 ____D C:\Windows\erdnt
2013-09-12 22:17 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 22:17 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 22:17 - 2013-08-09 22:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 22:17 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 22:17 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 22:17 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 22:17 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 22:17 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 22:17 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 22:17 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 22:17 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 22:17 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 22:17 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 22:17 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 22:17 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 22:17 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 22:10 - 2013-08-07 20:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 22:10 - 2013-08-04 20:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 22:10 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 22:10 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 22:09 - 2013-08-01 20:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 22:09 - 2013-08-01 20:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 22:09 - 2013-08-01 20:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 19:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 22:09 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 22:09 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 08:09 - 2013-10-05 15:34 - 01444578 _____ C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2013-10-05 15:34 - 2013-10-05 15:34 - 00000000 ____D C:\FRST
2013-10-05 15:34 - 2013-09-10 08:09 - 01444578 _____ C:\Windows\WindowsUpdate.log
2013-10-05 15:33 - 2013-10-05 15:33 - 01087213 _____ (Farbar) C:\Users\Thinh Vo\Downloads\FRST.exe
2013-10-05 14:59 - 2013-10-05 14:59 - 00010515 _____ C:\Users\Thinh Vo\Desktop\attach.txt
2013-10-05 14:58 - 2013-10-05 14:59 - 00018142 _____ C:\Users\Thinh Vo\Desktop\dds.txt
2013-10-05 14:58 - 2009-07-13 23:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 14:58 - 2009-07-13 23:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 14:53 - 2013-07-27 00:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-05 14:51 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 14:46 - 2012-04-04 10:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-05 14:13 - 2013-10-05 14:13 - 00688992 ____R (Swearware) C:\Users\Thinh Vo\Downloads\dds.scr
2013-10-05 13:47 - 2013-02-11 00:45 - 00000921 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-05 13:47 - 2013-02-11 00:45 - 00000000 ____D C:\Program Files\CCleaner
2013-10-05 13:46 - 2013-10-05 13:46 - 04369632 _____ (Piriform Ltd) C:\Users\Thinh Vo\Downloads\ccsetup406.exe
2013-10-05 12:53 - 2011-08-16 10:06 - 00001370 _____ C:\Users\Thinh Vo\Desktop\game.txt
2013-10-05 11:22 - 2013-10-05 11:22 - 01528184 _____ (Microsoft Corporation) C:\Users\Thinh Vo\Downloads\GenuineCheck.exe
2013-10-03 20:09 - 2010-05-14 17:43 - 00782074 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-01 22:03 - 2013-10-01 21:57 - 00142064 _____ (Raimond Eisele                                              ) C:\Users\Thinh Vo\Downloads\ffdl-win-port.exe.part
2013-09-29 22:05 - 2013-09-29 22:05 - 00001023 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-29 22:05 - 2013-09-29 22:05 - 00000000 ____D C:\Users\Thinh Vo\AppData\Roaming\Malwarebytes
2013-09-29 22:05 - 2013-09-29 22:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-29 22:05 - 2013-09-29 22:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-29 22:00 - 2013-09-29 21:59 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Thinh Vo\Downloads\mbam-clean-1.60.2.0003.exe
2013-09-29 21:51 - 2011-08-28 13:13 - 00000000 ____D C:\Users\Thinh Vo\Documents\Mine
2013-09-29 21:50 - 2013-09-29 21:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Thinh Vo\Downloads\mbam-consumer.exe
2013-09-29 20:33 - 2011-01-27 18:58 - 00002744 _____ C:\Users\Thinh Vo\Desktop\song.txt
2013-09-29 19:44 - 2010-12-07 23:40 - 00000000 ____D C:\Users\Thinh Vo\Documents\Coming
2013-09-29 14:18 - 2013-09-29 14:18 - 00000000 ____D C:\ProgramData\Oracle
2013-09-29 14:18 - 2013-09-29 14:18 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-29 14:17 - 2013-09-29 14:18 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-29 14:17 - 2013-09-29 14:18 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-29 14:17 - 2013-09-29 14:18 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-29 14:17 - 2013-09-29 14:18 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-29 14:17 - 2012-07-02 16:50 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-09-29 14:17 - 2010-07-06 14:11 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-29 14:14 - 2013-09-29 14:14 - 00000000 ____D C:\Users\Thinh Vo\AppData\Roaming\Oracle
2013-09-29 14:04 - 2013-09-29 13:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-29 13:35 - 2013-09-29 13:34 - 00000000 ____D C:\AdwCleaner
2013-09-29 13:26 - 2013-09-29 13:26 - 00000000 ____D C:\Windows\ERUNT
2013-09-25 20:20 - 2009-07-13 23:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-20 12:46 - 2012-04-04 10:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 12:46 - 2011-05-19 17:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 08:15 - 2012-05-02 15:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-18 21:10 - 2010-05-14 17:44 - 00000000 ____D C:\Users\Thinh Vo\AppData\Local\Mozilla
2013-09-18 18:56 - 2013-09-18 18:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 15:10 - 2013-07-27 14:07 - 00001313 _____ C:\Users\Thinh Vo\Desktop\txtbk.txt
2013-09-17 15:10 - 2010-07-02 18:28 - 00000000 ____D C:\Users\Thinh Vo\AppData\Roaming\Media Player Classic
2013-09-17 14:17 - 2013-09-17 13:54 - 00000000 ____D C:\Windows\erdnt
2013-09-17 14:03 - 2013-09-17 14:03 - 00011250 _____ C:\ComboFix.txt
2013-09-17 14:03 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default
2013-09-17 14:03 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-09-17 14:02 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2013-09-14 12:41 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-09-14 11:38 - 2010-05-14 20:30 - 00000000 ____D C:\Windows\Panther
2013-09-13 12:51 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 22:29 - 2009-07-13 23:33 - 03770728 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 22:22 - 2010-05-14 18:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 22:15 - 2013-07-27 11:17 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 22:14 - 2010-05-14 17:51 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-02 22:05

==================== End Of Log ============================

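The FRST check above only confirms that C:\Windows\System32\svchost.exe itself is the genuine Microsoft file. That does not yet explain the Malwarebytes block, because one svchost.exe instance hosts several services and each of them loads its own ServiceDll; a malicious DLL registered that way runs inside a perfectly clean svchost.exe. The script below is an added example, not part of the original post and not a Malwarebytes or FRST tool. It takes the IP from the opening post and assumes it is run from an elevated PowerShell prompt on the Windows 7 machine (PowerShell 2.0 cmdlets only, since that is what Windows 7 ships with). It maps each live connection to that IP to its PID, lists the services hosted in that PID, verifies the Authenticode signature of the image, and then prints each hosted service's ServiceDll with its signature status.

```powershell
# Added example for this thread; not part of the original post or of FRST/Malwarebytes.
# Assumes an elevated PowerShell prompt on the Windows 7 host (PowerShell 2.0 cmdlets only).
# The IP comes from the opening post; nothing else here is taken from the log.
param([string]$RemoteIp = "91.206.200.51")

# 1. Every current connection to the remote IP, with the owning PID.
#    netstat -ano prints: Proto  Local  Foreign  [State]  PID  (UDP rows have no State column).
$pattern = "\s" + [regex]::Escape($RemoteIp) + ":"
$conns = netstat -ano | Select-String -Pattern $pattern | ForEach-Object {
    $f = ($_.Line -replace '^\s+', '') -split '\s+'
    New-Object PSObject -Property @{
        Proto  = $f[0]
        Local  = $f[1]
        Remote = $f[2]
        State  = $(if ($f.Count -ge 5) { $f[3] } else { '' })
        PID    = [int]$f[-1]
    }
}

if (-not $conns) { "No live connection to $RemoteIp right now; rerun when the next block fires." }

foreach ($c in $conns) {
    $proc = Get-WmiObject Win32_Process -Filter "ProcessId = $($c.PID)"
    if (-not $proc -or -not $proc.ExecutablePath) {
        "PID $($c.PID): image path not readable (process gone, or prompt is not elevated)"
        continue
    }

    # 2. svchost.exe hosts several services per instance; list the ones in this PID
    #    (the same mapping 'tasklist /svc' shows).
    $svcs = @(Get-WmiObject Win32_Service -Filter "ProcessId = $($c.PID)" |
              ForEach-Object { $_.Name })

    # 3. The MD5 check in the FRST log says the file is genuine; the Authenticode check
    #    adds who signed it and catches a same-named copy planted outside System32.
    $sig = Get-AuthenticodeSignature -FilePath $proc.ExecutablePath

    "{0} {1} -> {2} {3} PID {4}" -f $c.Proto, $c.Local, $c.Remote, $c.State, $c.PID
    "  image    : $($proc.ExecutablePath)"
    "  signature: $($sig.Status) ($($sig.SignerCertificate.Subject))"
    "  services : $($svcs -join ', ')"

    # 4. A clean svchost.exe can still run a malicious ServiceDll, which is the usual
    #    way malware hides inside an svchost instance. Show each hosted service's DLL
    #    and whether it is signed.
    foreach ($s in $svcs) {
        $params = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$s\Parameters" `
                                   -ErrorAction SilentlyContinue
        if ($params -and $params.ServiceDll) {
            $dll  = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
            $dsig = Get-AuthenticodeSignature -FilePath $dll -ErrorAction SilentlyContinue
            "    {0,-20} {1}  [{2}]" -f $s, $dll, $dsig.Status
        }
    }
}
```

Save it as a .ps1 and run it from an elevated prompt while the connection is open (the block is reported at connection time, so a scheduled re-run or a loop around it is the practical way to catch it). What to look for: an image path other than C:\Windows\System32\svchost.exe, a signature status other than Valid, or a hosted service whose ServiceDll sits in a user-writable location such as %AppData% or %Temp% or is NotSigned. A result where every DLL is a signed Microsoft file in System32 narrows the cause to a legitimate service (Windows Update, BITS, DNS client and similar all run in svchost.exe) contacting that address, which is a different question from malware.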

ADDITION.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by ---- at 2013-10-05 15:35:26
Running from C:\Users\Thinh Vo\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

7-Zip 4.65
Adobe AIR (Version: 2.7.0.19480)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Media Player (Version: 1.8)
Adobe Reader XI (11.0.04) (Version: 11.0.04)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bamboo (Version: 5.2.4-3)
Belkin Setup and Router Monitor
Bonjour (Version: 3.0.0.10)
Canon Easy-WebPrint EX
Canon IJ Scan Utility
Canon MG2200 series MP Drivers (Version: 1.00)
Canon MG2200 series On-screen Manual (Version: 7.5.0)
Canon MG2200 series User Registration
Canon My Image Garden (Version: 1.0.0)
Canon My Image Garden Design Files (Version: 1.0.0)
Canon My Printer (Version: 3.0.0)
Canon Quick Menu (Version: 2.0.0)
CCleaner (Version: 4.06)
Chinese Simplified Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Combined Community Codec Pack 2011-11-11 (Version: 2011.11.11.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.4.0.6)
Fable III (Version: 1.0.0002.131)
FanFictionDownloader version 0.7.2 (Version: 0.7.2)
FireAlpaca 1.0.41 (Version: 1.0.41)
Foxit Reader (Version: 5.4.3.920)
HP MediaSmart Webcam (Version: 4.1.3130)
Intel® Matrix Storage Manager
iTunes (Version: 11.0.3.42)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee SiteAdvisor Enterprise Plus (Version: 3.0.0.561)
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Pismo File Mount Audit Package
Realtek USB2.0&PCIE Card Reader (Version: 2009.11.09)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
WebTablet IE Plugin (Version: 1.1.0.7)
WebTablet Netscape Plugin (Version: 1.1.0.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)

==================== Restore Points  =========================

17-09-2013 19:18:16 ComboFix created restore point
18-09-2013 00:35:42 Windows Update
27-09-2013 01:20:30 Windows Update
29-09-2013 19:15:41 Removed Java 7 Update 25
29-09-2013 19:17:42 Installed Java 7 Update 40
03-10-2013 13:54:57 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2013-09-17 14:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {2405EA1B-10DB-4340-AB8F-9F4FDD1243CC} - System32\Tasks\{B8AD8D6C-BB67-43D9-B465-1B6AA8078999} => Firefox.exe http://ui.skype.com/ui/0/4.2.0.169/en/exitsurvey?uhash1=c36ad720e2cfb9b2444c1a4b35f42b1d&uhash2=0da53db81d36c0c0816113ff000cf6c8&uhash3=ed9193c3689edb480ee776d249faeeba&uhash4=2de0efb91021c3330608029f09e92ba3&uhash5=549a64a43502261f4d70cb7837ed3eb9
Task: {2E77A8F0-F60F-42BD-A0AA-A5C03172C9D9} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {3167469A-0F77-4B2B-9E69-AD01F2A98032} - System32\Tasks\{D3A184D2-C93C-4CE7-BC0C-1EDCE8E18147} => C:\Program Files\Microsoft Office\Office12\WINWORD.EXE [2010-08-13] (Microsoft Corporation)
Task: {32E88591-B58F-40EB-AF55-AED5BF463697} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {5773AD74-AC40-4595-9082-FEC7B07B9F77} - System32\Tasks\{5D80616A-1AC9-4EE8-AC34-553B08C26067} => C:\Users\Thinh Vo\Downloads\WindowsActivationUpdate.exe
Task: {74FEB556-6D8D-431E-9244-4F1005B176FB} - System32\Tasks\{1F857ADB-FB97-49CB-96AF-A1A64E22C843} => C:\Program Files\Microsoft Office\Office12\WINWORD.EXE [2010-08-13] (Microsoft Corporation)
Task: {84EB4ADF-DE13-403C-BF4E-448CA71C08CB} - System32\Tasks\{2EF75F3E-C30C-4B1C-9032-60544CCA5FB7} => C:\Program Files\Microsoft Office\Office12\WINWORD.EXE [2010-08-13] (Microsoft Corporation)
Task: {98D0B69D-DDD8-4C88-902C-5AD45410A941} - System32\Tasks\{BB7536EC-8481-40CB-A745-9238B2C10C5B} => C:\Program Files\Skype\Phone\Skype.exe
Task: {A07EE8D5-B620-4B21-B620-06EA06843A31} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C3CBD147-4C8B-465C-BC85-ECA35C10B46F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CADDF9E6-E605-4050-94BC-7617C744229B} - System32\Tasks\MirageAgent => C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-07-30] (CyberLink)
Task: {CDC0BF92-BDDA-40C5-BC6C-367769D067CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {D4AEEBF8-99CB-4C93-8029-C0584380DF1F} - System32\Tasks\{EF8E426E-61C9-4F4E-9A91-FBCAF8B8C281} => C:\Program Files\Microsoft Office\Office12\WINWORD.EXE [2010-08-13] (Microsoft Corporation)
Task: {EFD0544E-0C09-450E-A048-FBEBDFE0AB65} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2010-10-13 16:10 - 2010-09-21 13:33 - 00962416 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Thinh Vo\Downloads\~$_ Scholarship Application(5).eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: ENE CIR Receiver
Description: ENE CIR Receiver
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: ENECIR Devices
Service: enecir
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/05/2013 02:53:06 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2013 02:53:06 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2013 02:53:06 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2013 02:53:06 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/05/2013 02:53:06 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2013 02:53:06 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/05/2013 02:53:06 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2013 02:53:06 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/05/2013 02:53:06 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (10/05/2013 02:53:06 PM) (Source: ESENT) (User: )
Description: Windows (1240) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000A9.log.


System errors:
=============
Error: (10/05/2013 02:53:23 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (10/05/2013 02:53:23 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (10/05/2013 02:53:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (10/05/2013 02:53:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (10/05/2013 02:53:20 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (10/05/2013 02:53:20 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (10/05/2013 02:53:20 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/05/2013 02:53:15 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (10/05/2013 02:53:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (10/05/2013 02:53:15 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-10-05 12:08:09.701
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-05 12:08:09.701
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-05 12:08:09.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-05 12:00:46.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-05 12:00:46.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-05 12:00:46.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-04 17:20:00.546
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-04 17:20:00.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-04 17:20:00.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-04 17:20:00.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 2998.84 MB
Available physical RAM: 1742.12 MB
Total Pagefile: 5993.91 MB
Available Pagefile: 4526.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:241.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: F8071B56)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================


I don't see anything obvious; run the following:

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the file to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

7. The following image opens, select Update.

8. When the update completes select Next.

9. In the following window ensure "Targets" are ticked. Then select "Scan".

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System log

Mbar log (date and time of scan will also be shown)

Thanks,

Kevin...


Besides the Malwarebytes blockages, there is no other indication of a virus. I scanned my computer with Kaspersky and Malwarebytes but nothing turned up.

AdwCleaner

# AdwCleaner v3.006 - Report created 05/10/2013 at 16:10:05
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Thinh Vo - THINHVO-PC
# Running from : C:\Users\Thinh Vo\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\mg24ndcg.default-1379391981732\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\mg24ndcg.default-1379391981732\prefs.js ]


*************************

AdwCleaner[R0].txt - [1137 octets] - [05/10/2013 16:08:48]
AdwCleaner[s0].txt - [1207 octets] - [05/10/2013 16:10:05]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1127 octets] ##########

mbar log:

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.10.05.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
--- :: -----PC [administrator]

10/5/2013 4:22:08 PM
mbar-log-2013-10-05 (16-22-08).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 205699
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

-----------------------------------------------------------------------------------------------------------

System log:


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16686

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.260000 GHz
Memory total: 3144511488, free: 1939234816

Downloaded database version: v2013.10.05.06
Downloaded database version: v2013.09.30.01
=======================================
Initializing...
------------ Kernel report ------------
     10/05/2013 16:22:04
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8869f030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff87ba5028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8869f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8869fd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8869f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8869e670, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffffff87bf0860, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87ba5028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F8071B56

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 624932864

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 

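The MBR scan in the log above reports the boot signature, the disk signature, the four partition entries and the unpartitioned sector ranges it then scans. As an added example that is not part of this thread or of the Malwarebytes tool, the following Python parses a 512-byte MBR sector the same way and runs the sanity checks a defender would want (boot signature present, exactly one active partition, no overlaps, nothing past the end of the disk). The sample sector is constructed from the values in the log (disk signature F8071B56, an active NTFS partition at LBA 2048 of 204800 sectors, a second NTFS partition at LBA 206848 of 624932864 sectors, disk size 320072933376 bytes); the function names and finding strings are this example's own.

```python
# Added example (not from the forum post or the Malwarebytes tool): parse a
# 512-byte MBR and check its partition table the way the scan log above
# reports it. The sample sector is constructed from the values in that log.
import struct

SECTOR_SIZE = 512
DISK_SIGNATURE_OFFSET = 0x1B8    # 4-byte Windows disk signature
PARTITION_TABLE_OFFSET = 0x1BE   # four 16-byte partition entries
ENTRY_SIZE = 16
BOOT_SIGNATURE_OFFSET = 0x1FE    # bytes 55 AA, read little-endian as 0xAA55
BOOT_SIGNATURE = 0xAA55
ENTRY_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count

# Only the types needed here; anything else is reported as Unknown.
PARTITION_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "NTFS/exFAT/HPFS",
                   0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0F: "Extended LBA",
                   0xEE: "GPT protective"}

# Disk size from the log: 320072933376 bytes / 512 = 625142448 sectors.
SAMPLE_DISK_SECTORS = 320072933376 // SECTOR_SIZE


def build_sample_mbr():
    """Constructed sample sector matching the partition table in the log above."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIGNATURE_OFFSET, 0xF8071B56)
    entries = [
        (0x80, 0x07, 2048, 204800),       # partition 0: active NTFS, 100 MiB system partition
        (0x00, 0x07, 206848, 624932864),  # partition 1: NTFS, rest of the disk
        (0x00, 0x00, 0, 0),               # partitions 2 and 3: empty
        (0x00, 0x00, 0, 0),
    ]
    for i, (status, ptype, lba, numsec) in enumerate(entries):
        # CHS fields are left zero; modern tools and this parser use the LBA fields.
        struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + i * ENTRY_SIZE,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, numsec)
    struct.pack_into("<H", sector, BOOT_SIGNATURE_OFFSET, BOOT_SIGNATURE)
    return bytes(sector)


def tampered_sample():
    """Sample with the boot signature wiped and a second partition marked active."""
    bad = bytearray(build_sample_mbr())
    bad[BOOT_SIGNATURE_OFFSET] = 0x00
    bad[PARTITION_TABLE_OFFSET + ENTRY_SIZE] = 0x80
    return bytes(bad)


def parse_mbr(sector):
    """Return disk signature, boot-signature check and the four partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)
    (boot_sig,) = struct.unpack_from("<H", sector, BOOT_SIGNATURE_OFFSET)
    partitions = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, numsec = struct.unpack_from(
            ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + i * ENTRY_SIZE)
        partitions.append({"index": i, "status": status, "active": status == 0x80,
                           "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "Unknown"),
                           "lba": lba, "numsec": numsec})
    return {"disk_signature": f"{disk_sig:08X}",
            "boot_signature_ok": boot_sig == BOOT_SIGNATURE,
            "partitions": partitions}


def audit_mbr(mbr, disk_sectors):
    """Sanity checks; an empty list means the table looks consistent."""
    findings = []
    if not mbr["boot_signature_ok"]:
        findings.append("boot signature is not 55AA")
    active = [p for p in mbr["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has invalid status byte {p['status']:02X}")
        if p["numsec"] and p["lba"] + p["numsec"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
    used = sorted((p["lba"], p["lba"] + p["numsec"], p["index"])
                  for p in mbr["partitions"] if p["numsec"])
    for (_s1, e1, i1), (s2, _e2, i2) in zip(used, used[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


def unpartitioned_ranges(mbr, disk_sectors):
    """(first, last) sector ranges covered by no partition, skipping sector 0 (the MBR)."""
    used = sorted((p["lba"], p["lba"] + p["numsec"]) for p in mbr["partitions"] if p["numsec"])
    ranges, cursor = [], 1
    for start, end in used:
        if start > cursor:
            ranges.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        ranges.append((cursor, disk_sectors - 1))
    return ranges


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print("Disk Signature:", mbr["disk_signature"], "boot signature ok:", mbr["boot_signature_ok"])
    for p in mbr["partitions"]:
        print(f"  Partition {p['index']}: {p['type_name']} (0x{p['type']:x}) "
              f"{'ACTIVE' if p['active'] else 'not active'} LBA {p['lba']} Numsec {p['numsec']}")
    print("Unpartitioned:", unpartitioned_ranges(mbr, SAMPLE_DISK_SECTORS))
    print("Findings:", audit_mbr(mbr, SAMPLE_DISK_SECTORS) or "none")
    print("Tampered:", audit_mbr(parse_mbr(tampered_sample()), SAMPLE_DISK_SECTORS))
```

The unpartitioned ranges it reports are the gaps between partitions; the tool's own scan range in the log also covers a fixed window at the end of the disk, which this example does not try to reproduce.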

The first IP address you quote was somewhere in the Ukraine, the latest is Latvia. Run the following:

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

Double click zip file and extract to your Desktop:

Zoekd.jpg

you will now have 3 versions of the tool on the Desktop:

Zoeke.jpg

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

Double click on each in turn until one version of Zoek will run (accept UAC). The following window will open:

Zoekb.jpg

Copy and paste the following script from the code box and paste into the field.

Process;emptyclsid;firefoxlook;Chromelook;CHRdefaults;autoclean;iedefaults;filesrcm;startupall;silentrunners;

Select the "Run Script" tab. The following window will open:

Zoekc.jpg

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to re-boot your PC, if so please do.

Zoekf.jpg

Post the produced log in your next reply…..


Zoek.exe Version 4.0.0.4 Updated 27-September-2013
Tool run by Thinh Vo on Sat 10/05/2013 at 17:16:34.82.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Thinh Vo\Desktop\zoek\zoek.exe [script inserted]

==== System Restore Info ======================

10/5/2013 5:17:21 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4095684388-92694045-441989994-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Thinh Vo\Desktop\zoek\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

"C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\mg24ndcg.default-1379391981732\jetpack" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\THINHV~1\AppData\Local\Temp ====
====== Java Cache =====
2013-09-20 01:10:06    F3585F75148C1DF4DE21A5CD9C561353    38760    ----a-w-    C:\Users\Thinh Vo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3edaa452-7e9d1f37
2013-09-20 01:10:03    E084D9694EF1CCC8343F656892F01572    965048    ----a-w-    C:\Users\Thinh Vo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\444b5892-3cb16669
2013-10-04 21:56:40    6A9A21142522CA5F564B99DA7F028401    13247    ----a-w-    C:\Users\Thinh Vo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\35ab0d54-53572292
2013-10-04 21:56:39    09286027C31FFAD3DA4E877845C5F2DF    13503    ----a-w-    C:\Users\Thinh Vo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\18472f1c-4a525b92
2013-09-29 19:11:03    F99C5E61C1AC9013B7C8A774531A6ADA    304778    ----a-w-    C:\Users\Thinh Vo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\509b8ae5-23c147fe-1.6.2.15-
2013-09-29 19:14:20    16563EBF720C9551997E67BDC8E2B40D    935    ----a-w-    C:\Users\Thinh Vo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\15572e2f-1a02dde9
2013-09-29 19:14:21    A1B563FFD05FF9F6C2B573CA7522BFFB    272613    ----a-w-    C:\Users\Thinh Vo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3b1cd333-612e9616
2013-10-04 21:56:39    9BDC7947316E3BADE9A2F61CCB252DA8    7196    ----a-w-    C:\Users\Thinh Vo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\1442de86-55a3da56
====== C:\Windows\system32 =====
2013-09-29 19:18:07    ACA17F8E1F9E8891DE15E2527D8D74D0    264616    ----a-w-    C:\Windows\System32\javaws.exe
2013-09-29 19:18:00    EC94122E6DCB6E731D8513A89AC9CF12    175016    ----a-w-    C:\Windows\System32\javaw.exe
2013-09-29 19:18:00    EC2A0F271C0FD4AD57B137845577F539    175016    ----a-w-    C:\Windows\System32\java.exe
2013-09-29 19:18:00    65F0FBCDBBA20FC4B0DADCA922150A99    94632    ----a-w-    C:\Windows\System32\WindowsAccessBridge.dll
====== C:\Windows\system32\drivers =====
2013-09-30 03:05:39    4470E3C1E0C3378E4CAB137893C12C3A    22856    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-09-13 03:10:11    DDCE686D76C2B4DB435A3AF5BD0E691D    133056    ----a-w-    C:\Windows\System32\drivers\ataport.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-09-29 19:18:15    --------    d-----w-    C:\Program Files\Common Files\Java
======= C: =====
====== C:\Users\Thinh Vo\AppData\Roaming ======
2013-09-29 19:14:27    --------    d-----w-    C:\Users\Thinh Vo\AppData\Roaming\Oracle
2013-09-17 19:03:11    --------    d-----w-    C:\Users\Thinh Vo\AppData\Local\temp
2013-09-17 19:03:11    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2013-09-17 19:03:11    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2013-09-17 19:03:11    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
====== C:\Users\Thinh Vo ======
2013-10-05 21:19:11    E6F3BBBCD31AB4CE97782C66551903FB    12907592    ----a-w-    C:\Users\Thinh Vo\Desktop\mbar-1.07.0.1005.exe
2013-10-05 21:06:41    5611140E8CC5927D371C27EA1F9E71A6    1045226    ----a-w-    C:\Users\Thinh Vo\Downloads\AdwCleaner.exe
2013-10-05 20:33:52    5995C51E39751F970C6B11BE7B0E37FB    1087213    ----a-w-    C:\Users\Thinh Vo\Desktop\FRST.exe
2013-10-05 18:46:52    30D0AD41CC60C6A62277BB350A1EBE4E    4369632    ----a-w-    C:\Users\Thinh Vo\Downloads\ccsetup406.exe
2013-10-05 16:22:49    C191C746CD975CE2DD5F8B5E009F8385    1528184    ----a-w-    C:\Users\Thinh Vo\Downloads\GenuineCheck.exe
2013-09-30 02:59:40    482CBA6D1C944A314AC9715F6754DF79    80456    ----a-w-    C:\Users\Thinh Vo\Downloads\mbam-clean-1.60.2.0003.exe
2013-09-30 02:49:41    683FDD3D773C58B262DC07CD0C6CE938    10285040    ----a-w-    C:\Users\Thinh Vo\Downloads\mbam-consumer.exe
2013-09-29 19:18:31    --------    d-----w-    C:\ProgramData\Oracle
2013-09-29 19:18:00    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2013-09-17 19:03:11    --------    d-----w-    C:\Users\Public\AppData

====== C: exe-files ==
2013-10-05 22:15:49    E6A9B00BC2DDBA4A0CFEEE0E4FC65F07    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-4095684388-92694045-441989994-1000\$IIZ1BSY.exe
2013-10-05 22:15:49    559FCA12923855C7DE1DC743532457A5    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-4095684388-92694045-441989994-1000\$IFLLH3I.exe
2013-10-05 22:15:25    732ACD77DEC40C2D19312E2E36951875    1263104    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-4095684388-92694045-441989994-1000\$RFLLH3I.exe
2013-10-05 22:15:25    122A32A068A76C220AD47B3C2780407C    1263104    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-4095684388-92694045-441989994-1000\$RIZ1BSY.exe
2013-10-05 21:20:41    60CEFABAC2C573B266B567534CE7567E    1178424    ----a-w-    C:\Users\Thinh Vo\Desktop\mbar\mbar.exe
2013-10-05 21:20:41    373A0226FCB397B0C4031AD27FC429EE    757048    ----a-w-    C:\Users\Thinh Vo\Desktop\mbar\Plugins\fixdamage.exe
2013-10-05 21:19:11    E6F3BBBCD31AB4CE97782C66551903FB    12907592    ----a-w-    C:\Users\Thinh Vo\Desktop\mbar-1.07.0.1005.exe
2013-10-05 21:06:41    5611140E8CC5927D371C27EA1F9E71A6    1045226    ----a-w-    C:\Users\Thinh Vo\Downloads\AdwCleaner.exe
2013-10-05 20:33:52    5995C51E39751F970C6B11BE7B0E37FB    1087213    ----a-w-    C:\Users\Thinh Vo\Desktop\FRST.exe
2013-10-05 18:46:52    30D0AD41CC60C6A62277BB350A1EBE4E    4369632    ----a-w-    C:\Users\Thinh Vo\Downloads\ccsetup406.exe
2013-10-05 16:22:49    C191C746CD975CE2DD5F8B5E009F8385    1528184    ----a-w-    C:\Users\Thinh Vo\Downloads\GenuineCheck.exe
2013-09-30 02:59:40    482CBA6D1C944A314AC9715F6754DF79    80456    ----a-w-    C:\Users\Thinh Vo\Downloads\mbam-clean-1.60.2.0003.exe
2013-09-30 02:49:41    683FDD3D773C58B262DC07CD0C6CE938    10285040    ----a-w-    C:\Users\Thinh Vo\Downloads\mbam-consumer.exe
2013-09-29 19:18:07    ACA17F8E1F9E8891DE15E2527D8D74D0    264616    ----a-w-    C:\Windows\System32\javaws.exe
2013-09-29 19:18:00    EC94122E6DCB6E731D8513A89AC9CF12    175016    ----a-w-    C:\Windows\System32\javaw.exe
2013-09-29 19:18:00    EC2A0F271C0FD4AD57B137845577F539    175016    ----a-w-    C:\Windows\System32\java.exe
2013-09-29 19:17:53    F744671F237351A00580DEBDA7B13C58    15784    ----a-w-    C:\Program Files\Java\jre7\bin\servertool.exe
2013-09-29 19:17:53    F07B981F68160C8932BD7E2A056E3542    15784    ----a-w-    C:\Program Files\Java\jre7\bin\kinit.exe
2013-09-29 19:17:53    DE16D31DDE767A35C4727D4F5C4F5165    49064    ----a-w-    C:\Program Files\Java\jre7\bin\ssvagent.exe
2013-09-29 19:17:53    8BAE06DA395B81D5BB9D335719B4C71F    15784    ----a-w-    C:\Program Files\Java\jre7\bin\keytool.exe
2013-09-29 19:17:53    8B060210811F4C88280BB1FE097C8D18    15784    ----a-w-    C:\Program Files\Java\jre7\bin\policytool.exe
2013-09-29 19:17:53    879FBD4327A0411AD856CD256E05ACC8    15784    ----a-w-    C:\Program Files\Java\jre7\bin\pack200.exe
2013-09-29 19:17:53    85369335B06BA3EF80DBB2463BD75FC6    15784    ----a-w-    C:\Program Files\Java\jre7\bin\rmid.exe
2013-09-29 19:17:53    79E6E98DD340052FB62E85FC5C0F40B9    15784    ----a-w-    C:\Program Files\Java\jre7\bin\rmiregistry.exe
2013-09-29 19:17:53    46D4A740A9CD31274B372AB31FDAB767    16296    ----a-w-    C:\Program Files\Java\jre7\bin\orbd.exe
2013-09-29 19:17:53    3F17C8C96551E1DFADAD909282D7A53B    15784    ----a-w-    C:\Program Files\Java\jre7\bin\ktab.exe
2013-09-29 19:17:53    33329EE40961C9F75753135EEFEE5215    16296    ----a-w-    C:\Program Files\Java\jre7\bin\tnameserv.exe
2013-09-29 19:17:53    20121F1F03EA62AE7DBE20A5C065E62B    146344    ----a-w-    C:\Program Files\Java\jre7\bin\unpack200.exe
2013-09-29 19:17:53    14478E73336D593E396FEE603118DF73    15784    ----a-w-    C:\Program Files\Java\jre7\bin\klist.exe
2013-09-29 19:17:52    FE62A080B6B3846FB18F04B488BF686F    66984    ----a-w-    C:\Program Files\Java\jre7\bin\javacpl.exe
2013-09-29 19:17:52    FB81754A3C79379C3882128875C8C948    48552    ----a-w-    C:\Program Files\Java\jre7\bin\jabswitch.exe
2013-09-29 19:17:52    ED2542D50B46FACB647E9ACE15376F71    52648    ----a-w-    C:\Program Files\Java\jre7\bin\jp2launcher.exe
2013-09-29 19:17:52    EC94122E6DCB6E731D8513A89AC9CF12    175016    ----a-w-    C:\Program Files\Java\jre7\bin\javaw.exe
2013-09-29 19:17:52    EC2A0F271C0FD4AD57B137845577F539    175016    ----a-w-    C:\Program Files\Java\jre7\bin\java.exe
2013-09-29 19:17:52    ACA17F8E1F9E8891DE15E2527D8D74D0    264616    ----a-w-    C:\Program Files\Java\jre7\bin\javaws.exe
2013-09-29 19:17:52    A5937B2A94424CF1B13A4AD503AF6B2E    182696    ----a-w-    C:\Program Files\Java\jre7\bin\jqs.exe
2013-09-29 19:17:52    20238A6FE9CA82DB6AA17CB08F4906CF    15784    ----a-w-    C:\Program Files\Java\jre7\bin\java-rmi.exe
=== C: other files ==
2013-10-05 22:15:49    E923E0CE0DA3FA858A003F78837C21CF    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-4095684388-92694045-441989994-1000\$I3GCETL.com
2013-10-05 22:15:25    732ACD77DEC40C2D19312E2E36951875    1263104    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-4095684388-92694045-441989994-1000\$R3GCETL.com
2013-09-30 03:05:39    4470E3C1E0C3378E4CAB137893C12C3A    22856    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-09-29 19:17:53    8C636C988365FC3E61F1B5C5ACECCB55    18675    ----a-w-    C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-4095684388-92694045-441989994-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"InstaLAN"="C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe startup"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"CanonQuickMenu"="C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"


==== Startup Folders ======================

2011-03-09 19:07:27    1218    ----a-w-    C:\Users\Thinh Vo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/20/2013 12:46 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\mg24ndcg.default-1379391981732
- Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\mg24ndcg.default-1379391981732
CA0E1DFBE480CF0BE13A0883BEB378B6    - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -    Java Platform SE 7 U40
AF661355EBAB898EB92D5454AEF93CE0    - C:\Windows\system32\npdeployJava1.dll -    Java Deployment Toolkit 7.0.400.43
E5AF72B7353FF8D431A7C463A4229524    - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll -    Shockwave Flash
148727EBD947CBC168C42A227D56DAB0    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
9B4D431459A9B935FB117F4EDDA236E8    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
AE7B288233C212C62CD544BF768C45E6    - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll -    Shockwave for Director / Shockwave for Director
270EE43CC00609B9937AAF94E1E970D4    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
3239619A441E23A20EC923DF92FF2D70    - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll -    CANON iMAGE GATEWAY Album Plugin Utility for IJ
B4BE4DAE164BF1C6630F0D32FED0ECA9    - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll -    DivX Web Player
605473FD8D50CCDFD5EA357F72683410    - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll -    DivX VOD Helper Plug-in
AC421A44DE902F2627F1E63793ED89CD    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live? Photo Gallery
2DB60449763CC2079588D2394AB32CA4    - C:\Program Files\TabletPlugins\npwacom.dll -    Wacom Dynamic Link Library
87132527E2256CF6683A18C4EB34DD3B    - C:\Windows\system32\Wat\npWatWeb.dll -    Windows Activation Technologies
15E298B5EC5B89C5994A59863969D9FF    - C:\Windows\system32\npmproxy.dll -    Microsoft® Windows® Operating System


==== Deleting Files \ Folders ======================

"C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\mg24ndcg.default-1379391981732\extensions\firefox@ghostery.com.xpi" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx[05/02/2013 02:26 AM]
fnjbmmemklcjgepojigaapkoodmkgbae - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx[02/07/2011 07:17 PM]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx[05/02/2013 02:26 AM]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx[05/02/2013 02:26 AM]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx[05/02/2013 02:24 AM]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx[02/07/2011 07:17 PM]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx[05/02/2013 02:26 AM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Silent Runners ======================


==== Empty IE Cache ======================

C:\Users\Thinh Vo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Thinh Vo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\THINHV~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sat 10/05/2013 at 20:42:54.41 ======================
 


Last night when I accessed the internet to post the Zoek.exe files, Malwarebytes blocked four more attempts.

 

2013/10/05 20:49:22 -0500    ---PC    --    IP-BLOCK    91.206.200.51 (Type: incoming, Port: 1615, Process: svchost.exe)
2013/10/05 20:49:22 -0500    ---PC    --    IP-BLOCK    91.206.200.51 (Type: incoming, Port: 1615, Process: svchost.exe)
2013/10/05 20:49:22 -0500    ---PC    --    IP-BLOCK    91.206.200.51 (Type: incoming, Port: 1615, Process: svchost.exe)
2013/10/05 20:49:22 -0500    ---PC    --    IP-BLOCK    91.206.200.51 (Type: incoming, Port: 1615, Process: svchost.exe)
 


OK, probably the best way forward is to reset Firefox to default settings, make sure all addons/plugins are gone....

 

To Reset Firefox do the following:

  1. Go to Firefox > Help > Troubleshooting Information.
  2. Click the "Reset Firefox" button.
  3. Firefox will close and reset. After Firefox is done, it will show a window with the information that is imported. Click Finish.
  4. Firefox will open with all factory defaults applied.

See if the IP block issue is fixed


It's back. I had two tabs opened; one was on wikipedia and another was on google search.

 

2013/10/06 18:34:30 -0500    ---PC    --    IP-BLOCK    46.183.216.114 (Type: incoming, Port: 580, Process: svchost.exe)
2013/10/06 18:34:30 -0500    ---PC    --    IP-BLOCK    46.183.216.114 (Type: incoming, Port: 580, Process: svchost.exe)
2013/10/06 18:34:30 -0500    ---PC    --    IP-BLOCK    46.183.216.114 (Type: incoming, Port: 580, Process: svchost.exe)

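The two posts above quote Malwarebytes IP-BLOCK lines, each repeated several times in the same second, all tagged incoming and all attributed to svchost.exe. As an added example that is not part of this thread or of Malwarebytes, the following Python parses such protection-log lines, counts them per remote address, port and process, and attaches the reading a defender would give each entry. SAMPLE_LOG is constructed from the lines quoted in the thread plus one unrelated filler line (also constructed) to show that non-IP-BLOCK records are skipped; the column names in the regex and the triage wording are this example's own.

```python
# Added example (not from the forum thread or from Malwarebytes): parse the
# IP-BLOCK records of a Malwarebytes protection log and summarise them per
# remote address so repeated blocks can be triaged.
import re
from collections import Counter
from datetime import datetime

# Constructed from the lines quoted in the thread; the last line is filler.
SAMPLE_LOG = """\
2013/10/05 20:49:22 -0500    ---PC    --    IP-BLOCK    91.206.200.51 (Type: incoming, Port: 1615, Process: svchost.exe)
2013/10/05 20:49:22 -0500    ---PC    --    IP-BLOCK    91.206.200.51 (Type: incoming, Port: 1615, Process: svchost.exe)
2013/10/06 18:34:30 -0500    ---PC    --    IP-BLOCK    46.183.216.114 (Type: incoming, Port: 580, Process: svchost.exe)
2013/10/06 18:34:30 -0500    ---PC    --    IP-BLOCK    46.183.216.114 (Type: incoming, Port: 580, Process: svchost.exe)
2013/10/06 18:34:30 -0500    ---PC    --    IP-BLOCK    46.183.216.114 (Type: incoming, Port: 580, Process: svchost.exe)
2013/10/06 18:35:02 -0500    ---PC    --    MESSAGE    constructed filler record, not an IP block
"""

# Columns: date, time, UTC offset, computer name, a second field the posted
# lines show as "--", the record type, the remote IP and the details block.
IP_BLOCK_RE = re.compile(
    r"^(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<col2>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(?P<direction>\w+),\s*Port:\s*(?P<port>\d+),\s*Process:\s*(?P<process>[^)]+)\)\s*$"
)


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK record; other record types are skipped."""
    events = []
    for line in text.splitlines():
        m = IP_BLOCK_RE.match(line)
        if not m:
            continue
        events.append({
            "when": datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S %z"),
            "host": m["host"],
            "ip": m["ip"],
            "direction": m["direction"].lower(),
            "port": int(m["port"]),
            "process": m["process"].strip().lower(),
        })
    return events


def summarize(events):
    """Block count per (remote ip, direction, local port, process)."""
    return Counter((e["ip"], e["direction"], e["port"], e["process"]) for e in events)


def triage(events):
    """One record per remote IP: block count, ports, processes, time span."""
    report = {}
    for ip in sorted({e["ip"] for e in events}):
        mine = [e for e in events if e["ip"] == ip]
        stamps = [e["when"] for e in mine]
        report[ip] = {
            "count": len(mine),
            "ports": sorted({e["port"] for e in mine}),
            "processes": sorted({e["process"] for e in mine}),
            "directions": sorted({e["direction"] for e in mine}),
            "span_seconds": int((max(stamps) - min(stamps)).total_seconds()),
            "first_seen": min(stamps).isoformat(),
        }
    return report


def notes_for(entry):
    """Defender-side reading of one triage entry."""
    notes = []
    if entry["directions"] == ["incoming"]:
        notes.append("remote host initiated the connection to a local port owned "
                     "by the named process; nothing on this PC reached out")
    if "svchost.exe" in entry["processes"]:
        notes.append("svchost.exe hosts many services: map the port to a PID with "
                     "'netstat -ano' and the PID to a service with 'tasklist /svc'")
    if entry["count"] > 1 and entry["span_seconds"] == 0:
        notes.append("several blocks in the same second are one burst of retries, "
                     "not separate incidents")
    return notes


if __name__ == "__main__":
    events = parse_ip_blocks(SAMPLE_LOG)
    for key, n in summarize(events).most_common():
        print(n, "x", key)
    for ip, entry in triage(events).items():
        print(ip, entry)
        for note in notes_for(entry):
            print("   -", note)
```

Counting per (ip, port, process) collapses the same-second repeats into one line per burst, which is the unit worth tracking over time; a new remote address appearing with the same local port and process pattern is the signal that matters, not the raw number of lines.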

Ok we need to run Zoek one more time, I'll give the full instruction, if you still have it on your Desktop no need to d/l again... A very slight variance to the script this time, I've added a Firefox default routine, let's see what happens with your browser after this completes....

Download Zoek.zip from here www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

Double click zip file and extract to your Desktop:

Zoekd.jpg

you will now have 3 versions of the tool on the Desktop:

Zoeke.jpg

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

Double click on each in turn until one version of Zoek will run (accept UAC). The following window will open:

Zoekb.jpg

Copy and paste the following script from the code box and paste into the field.

Process;emptyclsid;firefoxlook;FFdefaults;Chromelook;CHRdefaults;autoclean;iedefaults;filesrcm;startupall;silentrunners;

Select the "Run Script" tab. The following window will open:

Zoekc.jpg

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to re-boot your PC, if so please do.

Zoekf.jpg

Post the produced log in your next reply,

Kevin


Zoek.exe Version 4.0.0.4 Updated 27-September-2013
Tool run by --- on Mon 10/07/2013 at 12:38:19.16.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Thinh Vo\Desktop\zoek\zoek.exe [script inserted]

==== Older Logs ======================

C:\zoek-results2013-10-06-014254.log    21340 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Thinh Vo\Desktop\zoek\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

"C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\vhv3ytu1.default-1381094143725\jetpack" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\THINHV~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2013-09-29 19:18:07    ACA17F8E1F9E8891DE15E2527D8D74D0    264616    ----a-w-    C:\Windows\System32\javaws.exe
2013-09-29 19:18:00    EC94122E6DCB6E731D8513A89AC9CF12    175016    ----a-w-    C:\Windows\System32\javaw.exe
2013-09-29 19:18:00    EC2A0F271C0FD4AD57B137845577F539    175016    ----a-w-    C:\Windows\System32\java.exe
2013-09-29 19:18:00    65F0FBCDBBA20FC4B0DADCA922150A99    94632    ----a-w-    C:\Windows\System32\WindowsAccessBridge.dll
====== C:\Windows\system32\drivers =====
2013-09-30 03:05:39    4470E3C1E0C3378E4CAB137893C12C3A    22856    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-09-13 03:10:11    DDCE686D76C2B4DB435A3AF5BD0E691D    133056    ----a-w-    C:\Windows\System32\drivers\ataport.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-09-29 19:18:15    --------    d-----w-    C:\Program Files\Common Files\Java
======= C: =====
====== C:\Users\Thinh Vo\AppData\Roaming ======
2013-10-05 22:24:04    --------    d-----w-    C:\Users\Thinh Vo\AppData\Local\Temp
2013-09-29 19:14:27    --------    d-----w-    C:\Users\Thinh Vo\AppData\Roaming\Oracle
2013-09-17 19:03:11    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2013-09-17 19:03:11    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2013-09-17 19:03:11    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
====== C:\Users\Thinh Vo ======
2013-10-06 18:18:35    A4022823CFBF2C1A97BD01CCF7FE976C    7912440    ----a-w-    C:\Users\Thinh Vo\Downloads\Shockwave_Installer_Slim.exe
2013-10-05 21:19:11    E6F3BBBCD31AB4CE97782C66551903FB    12907592    ----a-w-    C:\Users\Thinh Vo\Desktop\mbar-1.07.0.1005.exe
2013-10-05 21:06:41    5611140E8CC5927D371C27EA1F9E71A6    1045226    ----a-w-    C:\Users\Thinh Vo\Downloads\AdwCleaner.exe
2013-10-05 20:33:52    5995C51E39751F970C6B11BE7B0E37FB    1087213    ----a-w-    C:\Users\Thinh Vo\Desktop\FRST.exe
2013-10-05 18:46:52    30D0AD41CC60C6A62277BB350A1EBE4E    4369632    ----a-w-    C:\Users\Thinh Vo\Downloads\ccsetup406.exe
2013-10-05 16:22:49    C191C746CD975CE2DD5F8B5E009F8385    1528184    ----a-w-    C:\Users\Thinh Vo\Downloads\GenuineCheck.exe
2013-09-30 02:59:40    482CBA6D1C944A314AC9715F6754DF79    80456    ----a-w-    C:\Users\Thinh Vo\Downloads\mbam-clean-1.60.2.0003.exe
2013-09-30 02:49:41    683FDD3D773C58B262DC07CD0C6CE938    10285040    ----a-w-    C:\Users\Thinh Vo\Downloads\mbam-consumer.exe
2013-09-29 19:18:31    --------    d-----w-    C:\ProgramData\Oracle
2013-09-29 19:18:00    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2013-09-17 19:03:11    --------    d-----w-    C:\Users\Public\AppData

====== C: exe-files ==
2013-10-06 18:18:35    A4022823CFBF2C1A97BD01CCF7FE976C    7912440    ----a-w-    C:\Users\Thinh Vo\Downloads\Shockwave_Installer_Slim.exe
2013-10-05 21:20:41    60CEFABAC2C573B266B567534CE7567E    1178424    ----a-w-    C:\Users\Thinh Vo\Desktop\mbar\mbar.exe
2013-10-05 21:20:41    373A0226FCB397B0C4031AD27FC429EE    757048    ----a-w-    C:\Users\Thinh Vo\Desktop\mbar\Plugins\fixdamage.exe
2013-10-05 21:19:11    E6F3BBBCD31AB4CE97782C66551903FB    12907592    ----a-w-    C:\Users\Thinh Vo\Desktop\mbar-1.07.0.1005.exe
2013-10-05 21:06:41    5611140E8CC5927D371C27EA1F9E71A6    1045226    ----a-w-    C:\Users\Thinh Vo\Downloads\AdwCleaner.exe
2013-10-05 20:33:52    5995C51E39751F970C6B11BE7B0E37FB    1087213    ----a-w-    C:\Users\Thinh Vo\Desktop\FRST.exe
2013-10-05 18:46:52    30D0AD41CC60C6A62277BB350A1EBE4E    4369632    ----a-w-    C:\Users\Thinh Vo\Downloads\ccsetup406.exe
2013-10-05 16:22:49    C191C746CD975CE2DD5F8B5E009F8385    1528184    ----a-w-    C:\Users\Thinh Vo\Downloads\GenuineCheck.exe
=== C: other files ==
2013-10-06 21:24:30    929F713B7543144F4C740FE2D89F5C92    1314979    ----a-w-    C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\vhv3ytu1.default-1381094143725\extensions\firefox@ghostery.com.xpi
2013-10-06 21:24:27    929F713B7543144F4C740FE2D89F5C92    1314979    ----a-w-    C:\Users\Thinh Vo\AppData\Local\Temp\tmp-goq.xpi
2013-10-06 21:22:56    51555013F2F820E6A20E991E754752D8    123385    ----a-w-    C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\vhv3ytu1.default-1381094143725\extensions\elemhidehelper@adblockplus.org.xpi
2013-10-06 21:22:54    51555013F2F820E6A20E991E754752D8    123385    ----a-w-    C:\Users\Thinh Vo\AppData\Local\Temp\tmp-yuq.xpi
2013-10-06 21:21:39    1D062796A5FF05D60F20A97677EDD437    824302    ----a-w-    C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\vhv3ytu1.default-1381094143725\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2013-10-06 21:21:34    1D062796A5FF05D60F20A97677EDD437    824302    ----a-w-    C:\Users\Thinh Vo\AppData\Local\Temp\tmp-is9.xpi
2013-10-06 21:15:47    1D062796A5FF05D60F20A97677EDD437    824302    ----a-w-    C:\Users\Thinh Vo\Desktop\Old Firefox Data\mg24ndcg.default-1379391981732\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-4095684388-92694045-441989994-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"InstaLAN"="C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe startup"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"CanonQuickMenu"="C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"


==== Startup Folders ======================

2011-03-09 19:07:27    1218    ----a-w-    C:\Users\Thinh Vo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/20/2013 12:46 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\vhv3ytu1.default-1381094143725
- Element Hiding Helper for Adblock Plus - %ProfilePath%\extensions\elemhidehelper@adblockplus.org.xpi
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\vhv3ytu1.default-1381094143725
CA0E1DFBE480CF0BE13A0883BEB378B6    - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -    Java Platform SE 7 U40
AF661355EBAB898EB92D5454AEF93CE0    - C:\Windows\system32\npdeployJava1.dll -    Java Deployment Toolkit 7.0.400.43
E5AF72B7353FF8D431A7C463A4229524    - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll -    Shockwave Flash
148727EBD947CBC168C42A227D56DAB0    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
9B4D431459A9B935FB117F4EDDA236E8    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
0C0C5C207121C7A78414A8250E8E099A    - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll -    Shockwave for Director / Shockwave for Director
270EE43CC00609B9937AAF94E1E970D4    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
3239619A441E23A20EC923DF92FF2D70    - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll -    CANON iMAGE GATEWAY Album Plugin Utility for IJ
B4BE4DAE164BF1C6630F0D32FED0ECA9    - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll -    DivX Web Player
605473FD8D50CCDFD5EA357F72683410    - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll -    DivX VOD Helper Plug-in
AC421A44DE902F2627F1E63793ED89CD    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live? Photo Gallery
2DB60449763CC2079588D2394AB32CA4    - C:\Program Files\TabletPlugins\npwacom.dll -    Wacom Dynamic Link Library
87132527E2256CF6683A18C4EB34DD3B    - C:\Windows\system32\Wat\npWatWeb.dll -    Windows Activation Technologies
15E298B5EC5B89C5994A59863969D9FF    - C:\Windows\system32\npmproxy.dll -    Microsoft® Windows® Operating System


==== Deleting Files \ Folders ======================

"C:\Users\Thinh Vo\AppData\Roaming\Mozilla\Firefox\Profiles\vhv3ytu1.default-1381094143725\extensions\firefox@ghostery.com.xpi" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx[05/02/2013 02:26 AM]
fnjbmmemklcjgepojigaapkoodmkgbae - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx[02/07/2011 07:17 PM]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx[05/02/2013 02:26 AM]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx[05/02/2013 02:26 AM]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx[05/02/2013 02:24 AM]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx[02/07/2011 07:17 PM]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx[05/02/2013 02:26 AM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Silent Runners ======================


==== Empty IE Cache ======================

C:\Users\Thinh Vo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Thinh Vo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\THINHV~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 10/07/2013 at 12:47:21.87 ======================
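The thread ends here without answering the question it opened with: which of the svchost.exe instances listed in the running-processes section (each started with a different -k service group) was opening connections to 91.206.200.51, and which service inside it did so. The script below is an added example, not part of the original post and not a Malwarebytes tool. It maps a remote IP back to the owning PID with netstat and tasklist rather than Get-NetTCPConnection, because the machine in the log runs Windows 7, which lacks that cmdlet. The IP is taken from the thread; the script name and the $RemoteIp parameter are the example's own.

```powershell
# Added example (not from the original post or any Malwarebytes tool).
# Maps a connection to a remote IP back to the owning PID, and for svchost.exe
# to the service group (-k ...) and the services hosted in that instance.
# Uses netstat and tasklist because the machine in the log runs Windows 7,
# which has no Get-NetTCPConnection. Run from an elevated PowerShell prompt.
param(
    [string]$RemoteIp = '91.206.200.51'   # IP reported in the thread; change as needed
)

# Parse 'netstat -ano'. TCP rows: Proto Local Remote State PID; UDP rows have no State.
$conns = netstat -ano | Where-Object { $_ -match '^\s*(TCP|UDP)\s' } | ForEach-Object {
    $f = ($_ -replace '^\s+', '') -split '\s+'
    if ($f[0] -eq 'TCP') {
        New-Object PSObject -Property @{ Proto = $f[0]; Local = $f[1]; Remote = $f[2]; State = $f[3]; PID = [int]$f[4] }
    } else {
        New-Object PSObject -Property @{ Proto = $f[0]; Local = $f[1]; Remote = $f[2]; State = '';    PID = [int]$f[3] }
    }
}

# Parse 'tasklist /svc': one row per process with the services it hosts ("N/A" if none).
$svcByPid = @{}
tasklist /svc /fo csv | ConvertFrom-Csv | ForEach-Object {
    $svcByPid[[int]$_.PID] = @{ Image = $_.'Image Name'; Services = $_.Services }
}

$hits = @($conns | Where-Object { $_.Remote -like "${RemoteIp}:*" })
if ($hits.Count -eq 0) {
    "No current connection to $RemoteIp. Blocked attempts are short-lived (often only SYN_SENT);"
    "re-run this in a loop or correlate the block time with the Malwarebytes protection log."
    return
}

foreach ($c in $hits) {
    $p    = $svcByPid[$c.PID]
    $proc = Get-WmiObject Win32_Process -Filter "ProcessId=$($c.PID)"
    "{0} {1} -> {2} {3}  PID={4} image={5}" -f $c.Proto, $c.Local, $c.Remote, $c.State, $c.PID, $p.Image
    "   command line: $($proc.CommandLine)"     # for svchost this shows the -k group, e.g. '-k netsvcs'
    "   services:     $($p.Services)"           # the candidates that could have made the connection
    # Genuine svchost.exe lives in %SystemRoot%\System32; the same name elsewhere is a red flag.
    if ($p.Image -eq 'svchost.exe' -and $proc.ExecutablePath -notlike "$env:SystemRoot\System32\*") {
        "   WARNING: svchost.exe running outside System32: $($proc.ExecutablePath)"
    }
}
```

Save it as, for instance, svchost-owner.ps1 and run it from an elevated prompt while the block is firing. Two caveats: groups such as netsvcs host a dozen or more services in one svchost.exe, so the service list narrows the search but does not by itself name the caller (a Process Monitor network trace taken at the moment of the block does); and a blocked connection never reaches ESTABLISHED, so an empty result means only that nothing was in flight at that instant, not that the activity has stopped.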
 

This topic is now closed to further replies.