
I've been infected with something. I think it's called Firetab. It's very intermittent. It's infected my browsers. Sometimes, when I load up a browser, everything is fine. But then, when I search for a certain search term (I don't know which search terms they are; it's just random; "malwarebytes" or "how to remove firetab" is an example), the address bar just flickers with different addresses and I see the word "firetab" in the address bar over and over.

I ran Malwarebytes and it did not help.

Here's a link to the image of a screen capture of what's going on on my screen:

https://forums.malwarebytes.org/uploads/monthly_11_2013/post-145667-0-80243200-1384411982.png

Please assist me in removing it.

Here are the DDS.txt and Attach.txt logs:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/2/2012 6:28:12 PM
System Uptime: 11/19/2013 5:53:15 PM (3 hours ago)
.
Motherboard: Dell Inc. |  | 07FXP8
Processor: Intel® Core i3 CPU       M 380  @ 2.53GHz | CPU 1 | 2375/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 181.589 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
==== System Restore Points ===================
.
RP203: 11/11/2013 8:45:04 PM - Removed PriceSparrow
RP204: 11/13/2013 12:14:00 AM - Windows Update
RP205: 11/13/2013 3:00:29 AM - Windows Update
RP206: 11/16/2013 1:36:54 AM - ComboFix created restore point
RP207: 11/19/2013 6:14:30 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
AccessData FTK Imager
Accidental Damage Services Agreement
Adobe AIR
Adobe Download Assistant
Adobe Dreamweaver CS6
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader X (10.1.8) MUI
Adobe Widget Browser
Advanced Audio FX Engine
Akamai NetSession Interface
Any Video Converter 5.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aptana Studio 3
Banctec Service Agreement
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bonjour
Boris Graffiti for Corel
Bounce Symphony
Build-a-lot 2
Cake Mania
Canon MX340 series MP Drivers
Chuzzle Deluxe
Common
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Contents
Corel VideoStudio Pro X4 Ultimate
Coupon Printer for Windows
Cozi
CueCard (remove only)
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell System Detect
Dell Touchpad
Dell VideoStage
Dell Webcam Central
Dell Wireless Driver Installation
DeviceIO
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Dora's World Adventure
eBay
Escape Whisper Valley
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
Google Chrome
Google Update Helper
HandBrake 0.9.6
Hex Workshop v6.7
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
ICA
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
IPM_VS_Pro
ISCOM
iTunes
Java 7 Update 45
Java Auto Updater
Java 6 Update 27 (64-bit)
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Kaspersky Anti-Virus 2013
LabSim
Luxor
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Miro Video Converter
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Namco All-Stars PAC-MAN
Oracle VM VirtualBox 4.2.18
Penguins!
PhotoShowExpress
Picasa 3
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
Premium Service Agreement
PrintCoupon
proDAD Mercalli 2.0
ProDiscover Basic 4.8a
PureHD
QualxServ Service Agreement
Quickset64
QuickTime
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Sam Spade version 1.14
Samantha Swift
Scholastic's I SPY Fun House
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Setup
Share
Share64
Skype™ 5.10
SmartSound Common Data
SmartSound Quicktracks 5
Sonic CinePlayer Decoder Pack
SyncToy 2.1 (x86)
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
Update Installer for WildTangent Games App
VIO
Virtual Villagers 4 - The Tree of Life
VSClassic
VSUltimate
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinPcap 4.1.2
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/19/2013 6:02:20 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer RDSTILL1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5162998E-B318-4DB9-869D-A8734C84C783}. The master browser is stopping or an election is being forced.
11/16/2013 11:55:47 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/16/2013 11:54:29 AM, Error: Service Control Manager [7000]  - The Link-Layer Topology Discovery Mapper service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.
11/16/2013 11:54:28 AM, Error: Service Control Manager [7000]  - The AddonsHelper service failed to start due to the following error:  The system cannot find the file specified.
11/16/2013 11:49:20 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/16/2013 1:52:48 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
11/16/2013 1:46:51 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/16/2013 1:36:33 AM, Error: Service Control Manager [7034]  - The AddonsHelper service terminated unexpectedly.  It has done this 1 time(s).
11/14/2013 2:35:11 AM, Error: NetBT [4319]  - A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
11/12/2013 11:55:12 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{5162998E-B318-4DB9-869D-A8734C84C783} because another computer on the network has the same name.  The server could not start.
11/12/2013 11:55:12 PM, Error: NetBT [4321]  - The name "RDSTILL2       :20" could not be registered on the interface with IP address 10.0.0.16. The computer with the IP address 169.254.230.225 did not allow the name to be claimed by this computer.
11/12/2013 11:55:12 PM, Error: NetBT [4321]  - The name "RDSTILL2       :0" could not be registered on the interface with IP address 10.0.0.16. The computer with the IP address 169.254.230.225 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Robert at 20:05:40 on 2013-11-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2935.1221 [GMT -6:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\alg.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe
C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\windows\splwow64.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: <No Name>: {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Akamai NetSession Interface] "C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe"
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
Trusted Zone: dell.com
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5162998E-B318-4DB9-869D-A8734C84C783} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5162998E-B318-4DB9-869D-A8734C84C783}\2375942554934333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5162998E-B318-4DB9-869D-A8734C84C783}\3516978456C6C6F645F6D497C4964747C65664279656E646 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5162998E-B318-4DB9-869D-A8734C84C783}\354796C6C6 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\rknmdoy8.default\
FF - prefs.js: browser.search.defaulturl -
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-11-16 01:18; autofillForms@blueimp.net; C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\rknmdoy8.default\extensions\autofillForms@blueimp.net.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-30 55856]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-30 89600]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13336]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-30 689472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-30 2533400]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-11-30 176096]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2011-11-30 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2011-11-30 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-30 317440]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-10-25 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-10-25 29280]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 AddonsHelper;AddonsHelper;C:\Users\Robert\AppData\Local\Temp\OCS\Downloads\9f8cc62c3640bf6eb115b4c78bb22a3f\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe --> C:\Users\Robert\AppData\Local\Temp\OCS\Downloads\9f8cc62c3640bf6eb115b4c78bb22a3f\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-8-10 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-30 250984]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-8-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-8-10 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-6 1255736]
S3 WPRO_41_1879;WinPcap Packet Driver (WPRO_41_1879);C:\windows\System32\drivers\WPRO_41_1879.sys [2013-1-31 34832]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S4 OrbisClient.Services;LabSim Configuration and Security;C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2011-3-11 52736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-11-20 00:26:22    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19C9920B-24F1-47DD-80EE-9C7746A2811F}\offreg.dll
2013-11-20 00:15:19    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19C9920B-24F1-47DD-80EE-9C7746A2811F}\mpengine.dll
2013-11-16 07:55:07    --------    d-----w-    C:\$RECYCLE.BIN
2013-11-16 07:36:47    98816    ----a-w-    C:\windows\sed.exe
2013-11-16 07:36:47    256000    ----a-w-    C:\windows\PEV.exe
2013-11-16 07:36:47    208896    ----a-w-    C:\windows\MBR.exe
2013-11-13 09:07:02    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-11-13 06:31:09    1474048    ----a-w-    C:\windows\System32\crypt32.dll
2013-11-13 06:31:08    1168384    ----a-w-    C:\windows\SysWow64\crypt32.dll
2013-11-13 06:28:20    497152    ----a-w-    C:\windows\System32\drivers\afd.sys
2013-11-13 06:28:17    1930752    ----a-w-    C:\windows\System32\authui.dll
2013-11-13 06:28:17    1796096    ----a-w-    C:\windows\SysWow64\authui.dll
2013-11-13 06:28:16    197120    ----a-w-    C:\windows\System32\credui.dll
2013-11-13 06:28:16    190464    ----a-w-    C:\windows\System32\SmartcardCredentialProvider.dll
2013-11-13 06:28:16    168960    ----a-w-    C:\windows\SysWow64\credui.dll
2013-11-13 06:28:16    152576    ----a-w-    C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 06:23:11    --------    d-----w-    C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-11-13 06:22:59    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-11-13 06:22:59    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-11-13 06:22:59    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 05:50:00    --------    d-----w-    C:\Users\Robert\AppData\Roaming\Helper
2013-11-12 02:30:22    --------    d-----w-    C:\ProgramData\DNSErrorHelper
2013-11-06 04:04:43    99840    ----a-w-    C:\windows\System32\drivers\usbccgp.sys
2013-11-06 04:04:43    7808    ----a-w-    C:\windows\System32\drivers\usbd.sys
2013-11-06 04:04:43    52736    ----a-w-    C:\windows\System32\drivers\usbehci.sys
2013-11-06 04:04:43    343040    ----a-w-    C:\windows\System32\drivers\usbhub.sys
2013-11-06 04:04:43    325120    ----a-w-    C:\windows\System32\drivers\usbport.sys
2013-11-06 04:04:43    30720    ----a-w-    C:\windows\System32\drivers\usbuhci.sys
2013-11-06 04:04:43    25600    ----a-w-    C:\windows\System32\drivers\usbohci.sys
2013-11-06 03:34:48    --------    d-----w-    C:\Users\Robert\VirtualBox VMs
2013-11-06 03:31:30    238352    ----a-w-    C:\windows\System32\drivers\VBoxDrv.sys
2013-11-06 03:31:21    119056    ----a-w-    C:\windows\System32\drivers\VBoxUSBMon.sys
2013-11-06 03:31:17    --------    d-----w-    C:\Program Files\Oracle
2013-11-03 17:49:20    --------    d-----w-    C:\Program Files\iPod
2013-11-03 17:49:18    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-03 17:49:18    --------    d-----w-    C:\Program Files\iTunes
2013-11-03 17:49:18    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-11-03 03:17:31    --------    d-----w-    C:\Program Files\BreakPoint Software
2013-11-03 03:10:03    --------    d-----w-    C:\Users\Robert\Flashbackup
2013-10-28 03:58:43    --------    d-----w-    C:\Program Files (x86)\AccessData
2013-10-23 04:02:43    --------    d-----w-    C:\Users\Robert\Work
2013-10-21 02:46:56    --------    d-----w-    C:\Program Files (x86)\Technology Pathways
2013-10-21 02:46:13    --------    d-----w-    C:\windows\Downloaded Installations
2013-10-21 02:44:51    --------    d-----w-    C:\Users\Robert\Prodiscover
.
==================== Find3M  ====================
.
2013-10-21 01:17:57    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 23:23:16    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-17 21:56:28    29280    ----a-w-    C:\windows\System32\drivers\klmouflt.sys
2013-10-17 21:56:28    29280    ----a-w-    C:\windows\System32\drivers\klkbdflt.sys
2013-10-17 21:56:25    7717984    ----a-w-    C:\windows\System32\drivers\kl1.sys
2013-10-12 08:45:20    2241536    ----a-w-    C:\windows\System32\wininet.dll
2013-10-12 08:43:37    3959808    ----a-w-    C:\windows\System32\jscript9.dll
2013-10-12 08:43:32    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-10-12 08:43:32    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-10-12 07:03:50    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-10-12 07:02:33    2877952    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-10-12 07:02:29    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-10-12 07:02:29    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-10-12 05:44:38    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-03 02:23:48    404480    ----a-w-    C:\windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\windows\SysWow64\gdi32.dll
2013-09-25 02:26:40    95680    ----a-w-    C:\windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\windows\System32\lsass.exe
2013-09-08 02:30:37    1903552    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\windows\SysWow64\mswsock.dll
2013-09-06 20:25:40    146704    ----a-w-    C:\windows\System32\drivers\VBoxNetFlt.sys
2013-09-06 20:25:40    131856    ----a-w-    C:\windows\System32\drivers\VBoxNetAdp.sys
2013-09-06 20:25:38    204048    ----a-w-    C:\windows\System32\VBoxNetFltNobj.dll
2013-09-03 19:35:10    278800    ------w-    C:\windows\System32\MpSigStub.exe
2013-08-29 02:17:48    5549504    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\windows\System32\scavengeui.dll
2013-05-15 17:38:04    4167680    ----a-w-    C:\Program Files (x86)\GUT28D.tmp
.
============= FINISH: 20:06:10.16 ===============


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


BHO: <No Name>: {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll

Here is the RogueKiller report

 

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Admin rights]
Mode : Scan -- Date : 11/19/2013 22:47:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320325AS +++++
--- User ---
[MBR] e4531536944818e0c60d9bf3eadf6993
[bSP] 05bfc4d35f6452c4e2c5889c5d2c91a0 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11192013_224754.txt >>



I believe that this is responsible for your problem:

BHO: <No Name>: {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll

See if you can manually delete it:

C:\ProgramData\DNSErrorHelper\bho.dll <---file
C:\ProgramData\DNSErrorHelper <---folder

If not........

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

[image: bleep-crop.jpg, showing the correct download button]

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC
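The hijack MrC points at is a Browser Helper Object: Internet Explorer loads every DLL whose CLSID is registered under the Browser Helper Objects key, so a single stray entry such as the DNSErrorHelper one is enough to rewrite searches. The script below is an added example, not something posted in this thread or part of any tool mentioned in it. It enumerates the 64-bit and 32-bit (Wow6432Node) BHO registrations, resolves each CLSID to its InprocServer32 DLL, and flags DLLs that live under ProgramData or a user profile, which is where the entry in this thread sits. The "Suspicious" heuristic and the column names are the example's own choices.

```powershell
# Added example (not from the forum thread): list registered BHOs and the DLL
# each one loads, so an entry like C:\ProgramData\DNSErrorHelper\bho.dll stands out.
# Run from an elevated PowerShell prompt on Windows 7 or later.

# IE reads BHO registrations from both the native and the 32-bit registry views.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Resolve-ClsidServer {
    # Map a CLSID to the DLL path stored in its InprocServer32 default value.
    param(
        [string]$Clsid,
        [switch]$Wow64   # look in the 32-bit Classes view when set
    )
    $view = if ($Wow64) { 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' } else { 'HKLM:\SOFTWARE\Classes\CLSID' }
    $key  = Join-Path $view "$Clsid\InprocServer32"
    if (-not (Test-Path $key)) { return $null }
    $path = (Get-ItemProperty -Path $key).'(default)'
    if (-not $path) { return $null }
    # Expand %SystemRoot%-style variables the same way the loader would.
    return [Environment]::ExpandEnvironmentVariables($path).Trim('"')
}

$results = foreach ($root in $bhoRoots) {
    if (-not (Test-Path $root)) { continue }
    $isWow = $root -like '*Wow6432Node*'
    foreach ($sub in Get-ChildItem -Path $root) {
        $clsid = $sub.PSChildName
        $dll   = Resolve-ClsidServer -Clsid $clsid -Wow64:$isWow
        [pscustomobject]@{
            Clsid      = $clsid
            Bitness    = if ($isWow) { '32-bit' } else { '64-bit' }
            Dll        = $dll
            # A CLSID with no DLL on disk is a dangling registration worth removing too.
            Exists     = if ($dll) { Test-Path -LiteralPath $dll } else { $false }
            # Heuristic (example's own): legitimate BHOs almost always live under
            # Program Files; ProgramData or a user profile deserves a closer look.
            Suspicious = [bool]($dll -and ($dll -match '\\ProgramData\\|\\Users\\[^\\]+\\AppData\\'))
        }
    }
}

$results | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Review the rows marked Suspicious or with Exists set to False before removing anything: the CLSID key under Classes and the entry under Browser Helper Objects both have to go, otherwise IE keeps a dangling registration that tools like RogueKiller will report again.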


I ran AdwCleaner

Here is the log after the reboot:

 

# AdwCleaner v3.012 - Report created 20/11/2013 at 19:36:47
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Robert - RDSTILL2
# Running from : C:\Users\Robert\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : AddonsHelper

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Robert\AppData\Roaming\HELPER

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKCU\Software\OCS

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\rknmdoy8.default\prefs.js ]

Line Deleted : user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1367461719222");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1367373991133");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1367461714756");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1364707758339");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1364707758346");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1364707758556");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1364707758352");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url

*************************

AdwCleaner[R0].txt - [27054 octets] - [20/10/2013 19:36:42]
AdwCleaner[R1].txt - [1268 octets] - [20/10/2013 20:01:13]
AdwCleaner[R2].txt - [2909 octets] - [20/11/2013 19:33:06]
AdwCleaner[s0].txt - [27278 octets] - [20/10/2013 19:51:20]
AdwCleaner[s1].txt - [1333 octets] - [20/10/2013 20:02:29]
AdwCleaner[s2].txt - [2722 octets] - [20/11/2013 19:36:47]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2782 octets] ##########

 

I am about to run Malwarebytes. I just wanted to get this log posted. I will let you know how that goes.


I ran the Malwarebytes Quick Scan and it said "no malicious items were detected". Below is the report. I am about to perform a restart on my computer and see if the browsers still behave badly.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Robert :: RDSTILL2 [administrator]

11/20/2013 7:59:50 PM
mbam-log-2013-11-20 (19-59-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235792
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Well - I don't know. I may still have the infection, but I figured out how to make the condition "not happen".

 

All of a sudden it hit me that somehow my search engine in the top right corner had changed from Google, which is what I normally keep it on, to a generic search box. (See previous screen shot). So I changed the engine back to Google in that search box, and clicked on "manage search engines" as shown in the screenshot below, deleted the generic search engine, and all seems to be fine now.

 

[screenshot: Capture.bmp]
