I'm getting a warning every 15 minutes or so that says Malwarebytes Anti-Malware is blocking access to an IP address. The log contains a message: IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)

I'm attaching the contents of attach.txt and dds.txt. Thanks in advance for any help you can give me.

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/27/2011 2:08:16 PM
System Uptime: 2/8/2014 11:03:47 AM (6 hours ago)
.
Motherboard: Dell Inc. |  | 05VMY6
Processor: Intel® Core i5-2520M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 104.097 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP458: 1/30/2014 3:00:10 AM - Windows Update
RP459: 1/30/2014 8:47:24 AM - Installed Tigrewin
RP460: 1/30/2014 8:47:52 AM - Installed Tigrewin
RP461: 1/31/2014 5:10:01 PM - Windows Modules Installer
RP462: 2/1/2014 6:02:36 PM - Windows Update
RP463: 2/3/2014 11:57:12 AM - Removed Attribute Editor 3.5
RP464: 2/3/2014 11:59:24 AM - Installed Attribute Editor 3.6
RP465: 2/3/2014 4:57:24 PM - Installed Arbortext 6.0 M080.
RP466: 2/5/2014 12:21:00 PM - Device Driver Package Install: KONICA MINOLTA Printers
RP467: 2/5/2014 12:23:09 PM - Device Driver Package Install: KONICA MINOLTA Printers
RP468: 2/6/2014 8:32:39 AM - Garmin Express
RP469: 2/7/2014 6:45:00 PM - Windows Update
RP470: 2/7/2014 11:05:57 PM - Restore Operation
RP471: 2/7/2014 11:15:35 PM - Installed Tigrewin
RP472: 2/7/2014 11:15:48 PM - Installed Tigrewin
RP473: 2/8/2014 8:30:20 AM - Installed Arbortext 6.0 M080.
RP474: 2/8/2014 8:41:10 AM - Installed Attribute Editor 3.6
RP475: 2/8/2014 8:44:20 AM - Garmin Express
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
AccelerometerP11
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 11.6
Advanced JPEG Compressor 2012
Advanced PDF Password Recovery
Altova XMLSpy® 2010  Enterprise Edition
Amazon Unbox Video
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arbortext 6.0 M080
Arbortext 6.0 M080 (64-bit)
Arbortext IsoView 7.3
ARIA Engine v1.6.0.6
Attribute Editor 3.5
Attribute Editor 3.6
AuthenTec Fingerprint Driver
Author
BioAPI Framework
Bonjour
Brother HL-2070N
Brother HL-2170W
Brother MFL-Pro Suite
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CaseEditorInterface
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Cisco IP Communicator
Cisco WebEx Connect
Cisco WebEx Meeting Center for Internet Explorer
Cisco WebEx Meetings
CodeWright 7.5
CodeWright Libraries
Collaboration Data Objects 1.2.1
Configuration Manager Client
Corel Graphics - Windows Shell Extension
Corel Graphics - Windows Shell Extension 64 Bit
Corel Ventura 10
CorelDRAW Essentials X5
CorelDRAW Essentials X5 - Common
CorelDRAW Essentials X5 - Connect
CorelDRAW Essentials X5 - Custom Data
CorelDRAW Essentials X5 - DE
CorelDRAW Essentials X5 - Draw
CorelDRAW Essentials X5 - EN
CorelDRAW Essentials X5 - ES
CorelDRAW Essentials X5 - Extra Content
CorelDRAW Essentials X5 - Filters
CorelDRAW Essentials X5 - FR
CorelDRAW Essentials X5 - IPM
CorelDRAW Essentials X5 - IT
CorelDRAW Essentials X5 - JP
CorelDRAW Essentials X5 - PHOTO-PAINT
CorelDRAW Essentials X5 - Redist
CorelDRAW Essentials X5 - Setup Files
CorelDRAW Essentials X5 - WT
CorelDRAW Graphics Suite X5 - BR
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - CZ
CorelDRAW Graphics Suite X5 - DE
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - ES
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - FR
CorelDRAW Graphics Suite X5 - IPM HSE
CorelDRAW Graphics Suite X5 - IT
CorelDRAW Graphics Suite X5 - NL
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - PL
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - RU
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - WT
CorelDRAW Home & Student Suite X5
CorelDRAW Home & Student Suite X5 - Extra Content
CorelDRAW® Home & Student Suite X5
Creative DRAWings 6
Creative Pack Volume 1
Creo View Consumer 2.0
Crystal Reports Basic for Visual Studio 2008
Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
D3DX10
Data Lifeguard Diagnostic for Windows 1.24
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell ControlVault Host Components Installer 64 bit
Dell Data Protection | Access | Drivers
Dell System Detect
Dell System Manager
Dell Touchpad
Digitizer MBX
Digitizer Upgrades and Options
DirectX 9 Runtime
DVD-Cloner V8.70 Build 1016
Elevated Installer
Epson Print CD
EPSON Printer Software
eSupport UndeletePlus 3.0.3.1206
Face Filter
FaceFilter Studio 2
Filmmaker's Toolkit for Studio
Fitbit Base Station (Driver Removal)
Fitbit v2.1.0.8
FontForge 2012-07-31
Garmin Express
Garmin Express Tray
Garritan ARIA Player v1.606
Ghostscript GPL 8.64 (Msi Setup)
GIMP 2.8.2
GoldWave v5.68
GoldWave v5.70
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 6.0.0.1259
Hollywood FX Volumes 1-3
HotDocs Developer 10 (64bit)
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2890573)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Hotfix for Microsoft Visual Studio Team Explorer 2010 - ENU (KB2548139)
Hotfix for Microsoft Visual Studio Team Explorer 2010 - ENU (KB2635973)
Hotfix for Microsoft Visual Studio Team Explorer 2010 - ENU (KB2736182)
Hotfix for Microsoft Visual Studio Team Explorer 2010 - ENU (KB2890573)
HP Officejet Pro X451dw Printer Basic Device Software
HP Officejet Pro X451dw Printer Help
HP Photosmart 7520 series Basic Device Software
HP Update
iCloud
IconRestorer 1.0.8.1 SR1
IconViewer
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® PROSet/Wireless WiFi Software
Ipswitch WS_FTP 12
iSEEK AnswerWorks English Runtime
iTunes
J2SE Runtime Environment 5.0 Update 22
Java 7 Update 21 (64-bit)
Java 7 Update 51
Java Auto Updater
Java 6 Update 38
Java 6 Update 38 (64-bit)
Juniper Networks Host Checker
Juniper Networks Network Connect 7.1.0
Juniper Networks Network Connect 7.4.0
Juniper Networks Network Connect 8.0
Juniper Networks Setup Client
Juniper Networks, Inc. Setup Client 64-bit Activex Control
Juniper Networks, Inc. Setup Client Activex Control
Junk Mail filter update
KLS Mail Backup 1.9.8.0
KONICA MINOLTA Universal PCL
Lernout & Hauspie TruVoice American English TTS Engine
Logitech Harmony Remote Software 7
M-Audio MIDISPORT Driver 6.1.2 (x64)
Make The Cut!
Malwarebytes Anti-Malware version 1.75.0.1300
MC11KTools
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Device Emulator (64 bit) version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Expression Web 4
Microsoft Help Viewer 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel 2007 Get Started Tab
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint 2007 Get Started Tab
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word 2007 Get Started Tab
Microsoft Office Word MUI (English) 2010
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Team Foundation Server 2010 Power Tools
Microsoft Visio Viewer 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Shell (Integrated) - ENU
Microsoft Visual Studio 2010 Team Explorer - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Team Explorer 2010 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Motion Graphics Toolkit for Studio
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSDN Library for Visual Studio 2008 - ENU
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Neota Logic Author
Norton Identity Safe
Notepad++
NovaBACKUP
Nuance PaperPort 14
Nuance PDF Viewer Plus
O2Micro Flash Memory Card Windows Driver
Online Backup
Online Sheet Music Viewer 8.3.4.0
Open DVD Ripper 3.50 Build 509
PaperPort Image Printer 64-bit
PC-CCID
PC Backup Pro
Photo Common
Pinnacle Studio 16
Pinnacle Studio 16 - Install Manager
Pinnacle Studio 16 - Standard Content Pack
Pinnacle Video Driver
Popup Card Studio
Premium Pack Volumes 1-2
Product Improvement Study for HP Officejet Pro X451dw Printer
PuTTY version 0.62
Quest Code Tester for Oracle
Quest Installer
Quest SQL Optimizer for Oracle
Quicken 2012
Quicken 2014
QuickTime
RBVirtualFolder64Inst
Remote Control USB Driver
Renesas Electronics USB 3.0 Host Controller Driver
Roxio BackOnTrack
Roxio Burn
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2012
Roxio Creator Content 2012
Roxio PhotoShow
Roxio Video Capture USB
Scansoft PDF Professional
ScoreFitter Volumes 1-2
Screencast-O-Matic
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Visual Studio Team Explorer 2010 - ENU (KB2644980)
Security Update for Microsoft Visual Studio Team Explorer 2010 - ENU (KB2645410)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
SlingPlayer
SmartScore X2 Professional Edition
SmartSound Common Data
SmartSound Quicktracks 5
Snagit 10
SONAR X2 Essential (x64)
SPBA 5.9
SQL Navigator for Oracle
Strongvault Online Backup
swMSM
SX Virtual Link
Syncplicity
Thomson Reuters Messenger
Thomson Reuters Messenger Troubleshooting Tool
ThumbsPlus
Tigre 15.10.7
Tigre 16.11.10
Tigre 17.2.8
Tigre 17.3.2
Tigre 17.4.1
TIGRE Administration Tool
Tigrewin
Title Extreme
TiVo Desktop 2.8.3
Trend Micro OfficeScan Client
Ttf2Pt1-3.4.4 Complete package, except sources (GnuWin32)
TurboTax 2012
TurboTax 2012 wdeiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Upek Touchchip Fingerprint Reader
Values and Attributes Screensaver
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.6195
VD64Inst
Visual Studio .NET Prerequisites - English
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Prerequisites - English
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 2.0.3
VueScan x64
Vz In-Home Agent
Wacom
WCF RIA Services V1.0 SP1
WebEdit application
WebEx Productivity Tools
WebSlingPlayer ActiveX
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
Windows Driver Package - Janome Sewing Machine Co., Ltd. (Jsmc860) USB  (09/17/2009 6.0.6001.18000)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows XP Mode
Wings' modular v5.00
WinZip 16.5
Wise Registry Cleaner 7.89
Xilisoft DVD Audio Ripper
.
==== Event Viewer Messages From Past Week ========
.
2/8/2014 8:40:05 AM, Error: NETLOGON [3210]  - This computer could not authenticate with \\eg-tlrdc-a10.TLR.Thomson.Com, a Windows domain controller for domain TLR, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
2/8/2014 7:59:39 AM, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
2/8/2014 5:54:37 AM, Error: NETLOGON [3210]  - This computer could not authenticate with \\eg-tlrdc-a05.TLR.Thomson.Com, a Windows domain controller for domain TLR, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
2/8/2014 5:09:33 AM, Error: NETLOGON [3210]  - This computer could not authenticate with \\C111ZDMTLREAG.TLR.Thomson.Com, a Windows domain controller for domain TLR, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
2/8/2014 5:06:17 PM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain TLR due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
2/8/2014 4:39:30 AM, Error: NETLOGON [3210]  - This computer could not authenticate with \\C111KNETLREAG.TLR.Thomson.Com, a Windows domain controller for domain TLR, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
2/8/2014 4:27:06 AM, Error: NETLOGON [3210]  - This computer could not authenticate with \\C111CEATLREAG.TLR.Thomson.Com, a Windows domain controller for domain TLR, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
2/7/2014 11:09:44 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {1CCB96F4-B8AD-4B43-9688-B273F58E0910}  and APPID  {AD65A69D-3831-40D7-9629-9B0B50A93843}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/5/2014 1:57:14 PM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain TLR due to the following:  The RPC server is unavailable.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
.
==== End Of File ===========================

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by U1004575 at 17:27:55 on 2014-02-08
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8073.5188 [GMT -5:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\Program Files (x86)\WebEx\Connect\apUpdate.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\DT Utilities\DT Utilities PC Backup Pro\mgService.exe
C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\vds.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\HotDocs\Bin\ZNLSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\CCM\CcmExec.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Windows\System32\vdsldr.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\Gtwatch.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Syncplicity\Syncplicity.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Fitbit\fitbit-tray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\Users\U1004575\AppData\Local\Apps\2.0\T288PGOQ.LP4\C5AQL7AO.NHN\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsComProviderSvr.exe
C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Borland\CodeWright\cw32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mStart Page = about:blank
uProxyServer = webproxy.int.westgroup.com:80
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: WebCGMHlprObj Class: {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\Windows\SysWOW64\cgmopenbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll
TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
uRun: [installation Diagnostics] "C:\Program Files (x86)\Brother\Brmfl04g\Brinstck.exe" /I MFC-7820N LAN
uRun: [OnlineBackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
uRun: [DellSystemDetect] C:\Users\U1004575\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
uRun: [HP Photosmart 7520 series (NET)] "C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH3BC710XJ05YY:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PPort14reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
mRun: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
dRun: [EPSON Stylus Photo R340 Series (Copy 2)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIAJA.EXE /FU "C:\Windows\TEMP\E_SC937.tmp" /EF "HKCU"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NOVABA~1.LNK - C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
uPolicies-Explorer: DontSetAutoplayCheckbox = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - C:\Program Files (x86)\Advanced JPEG Compressor\ajcieex.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: novastor.com







DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -


TCP: NameServer = 100.45.12.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{ABFEE657-EC6F-4DAD-B760-9F6B19FB2F54} : DHCPNameServer = 100.45.12.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{ABFEE657-EC6F-4DAD-B760-9F6B19FB2F54}\07F6C6B6 : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{ABFEE657-EC6F-4DAD-B760-9F6B19FB2F54}\3547566756E6723702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{ABFEE657-EC6F-4DAD-B760-9F6B19FB2F54}\35869607D616E633 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{ABFEE657-EC6F-4DAD-B760-9F6B19FB2F54}\A61637D696E656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C719D6DD-2CC7-4644-9363-00C220D6CFED} : DHCPNameServer = 66.1.124.133 66.1.124.132
TCP: Interfaces\{F0CE86F2-6F8D-44B8-883A-39BA5E8549DE} : NameServer = 198.153.192.40,198.153.194.40
TCP: Interfaces\{F0CE86F2-6F8D-44B8-883A-39BA5E8549DE} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: arbortext-editor - {25CFB3E1-4C32-4C7D-A804-49A93255947E} - C:\Program Files (x86)\PTC\Arbortext Editor\bin\x86\EditorControl.dll
Handler: arbortext-editor-embed - {E564DFA6-0F3A-4700-972E-03FBC7961907} - C:\Program Files (x86)\PTC\Arbortext Editor\bin\x86\EditorControl.dll
Handler: qcom - {B8DBD265-42C3-43e6-B439-E968C71984C6} - C:\Program Files (x86)\Common Files\Quest Shared\CodeXpert\qcom.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {0BD7DABC-74DE-41AB-9EDD-0685D8E38C46} - MSIEXEC /i {0BD7DABC-74DE-41AB-9EDD-0685D8E38C46} REINSTALL="Advertised1" REINSTALLMODE=up SETDEFAULTS="1" /qn /quiet
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {C9D36C90-A042-44B8-8FBA-B67424AE79E9} - MSIEXEC /i {C9D36C90-A042-44B8-8FBA-B67424AE79E9} ADDLOCAL="Advertised1" REINSTALL="Advertised1"  REINSTALLMODE=ump SETDEFAULTS="1" /qn /quiet
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll
x64-TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [OfficeScanNT Monitor]  -HideWindow
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Gtwatch] C:\Windows\gtwatch.exe
x64-Run: [syncplicity] C:\Program Files\Syncplicity\Syncplicity.exe
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll




x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: arbortext-editor - {25CFB3E1-4C32-4C7D-A804-49A93255947E} - C:\Program Files\PTC\Arbortext Editor\bin\x64\EditorControl.dll
x64-Handler: arbortext-editor-embed - {E564DFA6-0F3A-4700-972E-03FBC7961907} - C:\Program Files\PTC\Arbortext Editor\bin\x64\EditorControl.dll
x64-Handler: qcom - {B8DBD265-42C3-43e6-B439-E968C71984C6} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 192.120.109.146    dmedusa
Hosts: 192.120.109.173 deerfieldpc
Hosts: 192.120.109.181 metz4
Hosts: 10.136.36.7 hy-test
Hosts: 10.72.130.188   ny-test
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\U1004575\AppData\Roaming\Mozilla\Firefox\Profiles\aodp1hvs.default\
FF - prefs.js: browser.search.selectedEngine - Norton Safe Search
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\U1004575\AppData\Local\Citrix\Plugins\92\npappdetector.dll
FF - plugin: C:\Users\U1004575\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-26 56336]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2012-8-26 27120]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2012-8-26 19952]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-7-27 21616]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [2014-1-3 162392]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2012-8-26 27632]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2011-2-9 457200]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2011-11-22 78208]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2011-7-15 21488]
R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\Windows\System32\drivers\CipcCdp.sys [2013-12-5 27392]
R2 Cisco WebEx Connect Upgrade Service;Cisco WebEx Connect Upgrade Service;C:\Program Files (x86)\WebEx\Connect\apUpdate.exe [2012-5-3 857704]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-5-13 1043872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-5-13 36768]
R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488]
R2 Disaster Recovery Imaging;Disaster Recovery Imaging;C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [2013-5-15 6183208]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-8-29 770080]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-2-5 387928]
R2 hasplms;Sentinel HASP License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-27 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-27 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-27 701512]
R2 mgService;DT Utilities PC Backup Pro Backup/Copy Engine;C:\Program Files (x86)\DT Utilities\DT Utilities PC Backup Pro\mgService.exe [2010-7-7 265352]
R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-6 1636872]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [2014-1-3 129424]
R2 nsService;NovaStor NovaStor Backup/Copy Engine;C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2013-5-15 551568]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2011-7-27 8192]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-7-22 138600]
R2 SlingAgentService;SlingAgentService;C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-3 94024]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2011-7-22 302904]
R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2009-10-24 344864]
R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2009-10-24 42272]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-27 2656280]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-6-7 478712]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2014-1-26 627992]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]
R2 ZNLSvc;Zeon License Service;C:\Program Files (x86)\HotDocs\bin\ZNLSvc.exe [2008-9-8 186200]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-7-27 27760]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2011-5-10 38504]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-27 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-27 25928]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2011-3-23 83560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-7-13 340976]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-6-7 107432]
S3 Backup Client Agent Service;Backup Client Agent Service;C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2013-5-15 398632]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2011-1-18 294064]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2014-1-26 14136]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 Jsmc860;Jsmc860;C:\Windows\System32\drivers\Jsmc860.sys [2012-8-24 8704]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;C:\Windows\System32\drivers\MAudioMIDISPORT.sys [2010-10-6 199176]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-9 19456]
S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-7-13 1095664]
S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2012-8-29 26856]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2009-7-15 917768]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-9 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2014-1-26 90424]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2014-1-26 15160]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-18 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\cw32.exe="C:\Program Files\Borland\CodeWright\cw32.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-02-08 13:49:28    --------    d-----w-    C:\Users\U1004575\AppData\Local\Garmin
2014-02-08 13:44:35    --------    d-----w-    C:\Program Files (x86)\Garmin
2014-02-08 10:19:50    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF5B55F1-DF2C-44EB-817E-A8DAE2C20A66}\offreg.dll
2014-02-08 04:16:07    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF5B55F1-DF2C-44EB-817E-A8DAE2C20A66}\mpengine.dll
2014-02-06 13:35:57    --------    d-----w-    C:\Users\U1004575\AppData\Roaming\Garmin
2014-02-06 13:33:03    --------    d-----w-    C:\ProgramData\Garmin
2014-02-06 13:32:48    --------    d-----w-    C:\ProgramData\Package Cache
2014-02-03 16:59:31    --------    d-----w-    C:\Program Files (x86)\Attribute Editor 3.6
2014-01-31 18:40:23    --------    d-----w-    C:\ProgramData\Bitstream
2014-01-30 08:01:15    --------    d-----w-    C:\Windows\Migration
2014-01-23 18:02:48    741480    ------w-    C:\Windows\System32\HPDiscoPMBC11.dll
2014-01-19 05:04:34    96168    ------w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-18 13:03:59    --------    d-----w-    C:\ProgramData\Popup Card Studio
2014-01-18 13:03:55    --------    d-----w-    C:\Program Files (x86)\Popup Card Studio
2014-01-16 15:17:45    --------    d-----w-    C:\KMUPDcache
2014-01-16 15:11:34    --------    d-----w-    C:\Program Files\KONICA MINOLTA
2014-01-16 06:43:36    --------    d-----w-    C:\Users\U1004575\AppData\Roaming\ZoomBrowser EX
2014-01-16 06:43:17    --------    d-----w-    C:\Users\U1004575\AppData\Roaming\CANON INC
2014-01-16 06:43:17    --------    d-----w-    C:\Users\U1004575\AppData\Roaming\CameraWindowDC
2014-01-15 09:24:17    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 09:24:17    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 09:24:17    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 09:24:17    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 09:24:17    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 09:24:17    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 09:24:17    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 09:24:16    3156480    ------w-    C:\Windows\System32\win32k.sys
2014-01-15 09:24:15    376768    ------w-    C:\Windows\System32\drivers\netio.sys
2014-01-10 14:12:35    --------    d-----w-    C:\Windows\Corel
.
==================== Find3M  ====================
.
2014-02-08 04:27:46    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-08 04:27:46    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-16 14:59:44    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-01-13 16:24:14    1906968    ----a-w-    C:\Windows\System32\Pen_Touch_Tablet.dll
2014-01-13 16:24:14    1780504    ----a-w-    C:\Windows\System32\WacomMT.dll
2014-01-13 16:24:14    1778968    ----a-w-    C:\Windows\System32\Wintab32.dll
2014-01-13 16:24:13    1913624    ----a-w-    C:\Windows\System32\Pen_Tablet.dll
2014-01-13 16:24:11    1551640    ------w-    C:\Windows\SysWow64\Pen_Tablet.dll
2014-01-13 16:24:11    1544472    ------w-    C:\Windows\SysWow64\Pen_Touch_Tablet.dll
2014-01-13 16:24:11    1432344    ------w-    C:\Windows\SysWow64\WacomMT.dll
2014-01-13 16:24:11    1428248    ------w-    C:\Windows\SysWow64\Wintab32.dll
2013-12-21 14:49:04    181272    ------w-    C:\Windows\RegBootClean.exe
2013-12-19 08:02:02    594024    ----a-w-    C:\Windows\System32\dsNcSmartCardProv.dll
2013-12-19 08:02:02    423528    ----a-w-    C:\Windows\System32\dsNcCredProv.dll
2013-12-19 08:01:32    357480    ------w-    C:\Windows\SysWow64\dsGinaLoaderX64.dll
2013-12-13 20:10:44    4200744    ------w-    C:\Windows\SysWow64\cdintf400.dll
2013-11-29 07:16:54    763912    ------w-    C:\Windows\System32\HPDiscoPMaa11.dll
2013-11-27 08:00:58    942592    ----a-w-    C:\Windows\System32\jsIntl.dll
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ------w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ------w-    C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ------w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ------w-    C:\Windows\SysWow64\tzres.dll
2013-11-12 00:16:03    90424    ----a-w-    C:\Windows\System32\drivers\wachidrouter.sys
2013-11-12 00:16:03    15160    ----a-w-    C:\Windows\System32\drivers\wacomrouterfilter.sys
2013-11-12 00:16:02    14136    ----a-w-    C:\Windows\System32\drivers\hidkmdf.sys
2013-01-19 07:44:40    2174976    ------w-    C:\Program Files (x86)\Common Files\atimpenc.dll
.
============= FINISH: 17:28:39.09 ===============
 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Mr.Charlie:  Thank you for your time.

 

Here's a copy of the report from RogueKiller (64-bit):

 

RogueKiller V8.8.6 _x64_ [Feb  7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : U1004575 [Admin rights]
Mode : Scan -- Date : 02/09/2014 09:30:19
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH] Gtwatch.exe -- C:\Windows\Gtwatch.exe [-] -> KILLED [TermProc]
[SUSP PATH] TiVoServer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe [7] -> KILLED [TermProc]
[SUSP PATH] TiVoTransfer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [7] -> KILLED [TermProc]
[SUSP PATH] TiVoNotify.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 16 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer [7]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [7]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify [7]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [7]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : Gtwatch (C:\Windows\gtwatch.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1042883198-748202677-1346798384-40443\[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1042883198-748202677-1346798384-40443\[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1042883198-748202677-1346798384-40443\[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1042883198-748202677-1346798384-40443\[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [7]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (webproxy.int.westgroup.com:80 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{F0CE86F2-6F8D-44B8-883A-39BA5E8549DE} : NameServer (198.153.192.40,198.153.194.40 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{F0CE86F2-6F8D-44B8-883A-39BA5E8549DE} : NameServer (198.153.192.40,198.153.194.40 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{F0CE86F2-6F8D-44B8-883A-39BA5E8549DE} : NameServer (198.153.192.40,198.153.194.40 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] DSite : C:\Users\U1004575\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] {3EFB9166-CB90-4D14-B7A8-89748A4B1A88} : C:\Users\U1004575\Desktop\web.EXE [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
192.120.109.146 dmedusa
192.120.109.173 deerfieldpc
192.120.109.181 metz4
10.136.36.7     hy-test
10.72.130.188   ny-test
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) Samsung SSD 840 Series +++++
--- User ---
[MBR] e00832b60f668a4b816f5727527906b9
[BSP] 916055354c23513b33e4765c45166e4d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476939 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02092014_093019.txt >>
Link to post
Share on other sites

Do you know what this is:
C:\Users\U1004575\Desktop\web.EXE

~~~~~~~~~~~~~~~~~~~~~~~~


Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[V2][SUSP PATH] DSite : C:\Users\U1004575\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND


Now click Delete on the right hand column under Options

-------------

Then............

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC

Link to post
Share on other sites

Thanks again, MrC.

 

No, I do not recognize C:\Users\U1004575\Desktop\web.EXE, nor do I even see it on my desktop.

 

I removed UPDATE~1.EXE using Rogue Killer.

 

Here is the report after cleaning using AdwCleaner:

 

# AdwCleaner v3.018 - Report created 09/02/2014 at 10:00:32

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : U1004575 - U1004575-W7A

# Running from : C:\Users\U1004575\Desktop\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com

Folder Deleted : C:\Program Files (x86)\eSupport.com

Folder Deleted : C:\Users\U1004575\AppData\Local\Coupon Companion Plugin

Folder Deleted : C:\Users\U1004575\AppData\Local\PackageAware

Folder Deleted : C:\Users\U1004575\AppData\Local\WordLayers

Folder Deleted : C:\Users\U1004575\AppData\Roaming\DriverCure

Folder Deleted : C:\Users\U1004575\AppData\Roaming\DSite

Folder Deleted : C:\Users\U1004575\AppData\Roaming\strongvault

File Deleted : C:\END

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml

File Deleted : C:\Users\U1004575\AppData\Roaming\Mozilla\Firefox\Profiles\aodp1hvs.default\searchplugins\safesearch.xml

File Deleted : C:\Users\U1004575\AppData\Roaming\Mozilla\Firefox\Profiles\aodp1hvs.default\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\dsiteproducts

Key Deleted : HKCU\Software\InstalledThirdPartyPrograms

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Description

Key Deleted : HKLM\Software\InstallIQ

Key Deleted : HKLM\Software\PIP

Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v19.0 (en-US)

 

[ File : C:\Users\U1004575\AppData\Roaming\Mozilla\Firefox\Profiles\aodp1hvs.default\prefs.js ]

 

 

-\\ Google Chrome v32.0.1700.107

 

[ File : C:\Users\U1004575\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [3668 octets] - [09/02/2014 09:58:42]

AdwCleaner[S0].txt - [3124 octets] - [09/02/2014 10:00:32]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3184 octets] ##########

 

 

And here is the report after another full scan with Malwarebytes:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.02.09.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

U1004575 :: U1004575-W7A [administrator]

 

Protection: Enabled

 

2/9/2014 10:05:50 AM

mbam-log-2014-02-09 (10-05-50).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 888687

Time elapsed: 4 hour(s), 13 minute(s), 51 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)
Link to post
Share on other sites

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[V2][SUSP PATH] {3EFB9166-CB90-4D14-B7A8-89748A4B1A88} : C:\Users\U1004575\Desktop\web.EXE [x] -> FOUND

Now click Delete on the right hand column under Options

-------------

Then................

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites
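The two RogueKiller entries selected for deletion so far in this thread are the scheduled tasks whose executables sit under the user's profile (AppData and Desktop), while the TiVo and Gtwatch entries are left alone. As an added example (not part of the thread and not RogueKiller's own logic), the Python below parses report lines of that shape and applies that rule; the rule and the names `parse_report`, `in_user_writable_profile_dir` and `triage` are assumptions made here.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Entries taken from the RogueKiller report posted in this thread.
REPORT = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer [7]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : Gtwatch (C:\Windows\gtwatch.exe [-]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (webproxy.int.westgroup.com:80 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[V2][SUSP PATH] DSite : C:\Users\U1004575\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] {3EFB9166-CB90-4D14-B7A8-89748A4B1A88} : C:\Users\U1004575\Desktop\web.EXE [x] -> FOUND
"""

# Line shape: [kind][reason] location : body -> status
ENTRY_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\]\[(?P<reason>[^\]]+)\]\s+(?P<location>.+?)\s+:\s+"
    r"(?P<body>.+?)\s+->\s+(?P<status>\w+)\s*$"
)
NAMED_BODY_RE = re.compile(r"^(?P<name>\S+) \(.*\)$")   # "Name (command line)"
EXE_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.exe\b", re.IGNORECASE)
MARKER_RE = re.compile(r"\[([^\]]*)\]")

# Assumption for this example: per-user directories that an unprivileged
# process can write to, so a startup entry pointing there deserves a look.
USER_WRITABLE = {"appdata", "desktop"}


@dataclass
class Entry:
    kind: str
    reason: str
    name: str
    path: Optional[str]    # executable path, if the entry has one
    marker: Optional[str]  # bracket marker after the path, kept verbatim
    status: str


def parse_report(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m["body"]
        named = NAMED_BODY_RE.match(body)
        # Run/PUM entries name the value inside the body; task entries name it
        # before the colon.
        name = named["name"] if named else m["location"]
        exe = EXE_PATH_RE.search(body)
        marker = MARKER_RE.search(body, exe.end()) if exe else None
        entries.append(Entry(
            kind=m["kind"],
            reason=m["reason"].upper(),  # tag case can be mangled when pasted
            name=name,
            path=exe.group(0) if exe else None,
            marker=marker.group(1) if marker else None,
            status=m["status"],
        ))
    return entries


def in_user_writable_profile_dir(path: str) -> bool:
    # Anchor on <drive>\Users\<name>\<dir>\...: a bare "Desktop" substring test
    # would wrongly hit C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe.
    parts = PureWindowsPath(path).parts
    return (len(parts) >= 5 and parts[1].lower() == "users"
            and parts[3].lower() in USER_WRITABLE)


def triage(text: str) -> List[Entry]:
    return [e for e in parse_report(text)
            if e.path and in_user_writable_profile_dir(e.path)]


if __name__ == "__main__":
    for e in triage(REPORT):
        print(f"{e.kind:4} {e.name} -> {e.path} [{e.marker}]")
```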

Unfortunately, I have no options to disable it. Just uninstall it, and if I did that, I'll probably be blocked from logging into the company's domain.

 

If I let our IT people know what I'm doing to try to resolve this issue, they'll probably have me send the machine in to them (I work remotely in Delaware, and they are in NY).

 

If you think it might help to run ComboFix with the virus software active, I can do that.

 

Again, thanks so much for your time.

 

--Steven

Link to post
Share on other sites

Do this instead:
Download aswMBR to your desktop.
http://public.avast.com/~gmerek/aswMBR.exe
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Please zip it up and attach it to your next post.

Then.........

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC

Link to post
Share on other sites

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

You have Defender enabled, you shouldn't have this....you have Trend enabled and running.

I suggest you disable it:

How to Disable Defender

Dangers of running 2 anti-virus programs

------------------------------

 

C:\$Recycle.Bin\S-1-5-21-1042883198-748202677-1346798384-40443\$61ceb79ed1ef457718a4638ace790691

 

This is part of a backdoor trojan capable of remotely controlling your computer, stealing critical system information, and downloading and executing files.

 

-----------------

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC

Link to post
Share on other sites

Clean out temp files: (may require a reboot)

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Let me know how it is.....MrC

Link to post
Share on other sites

OK. TFC ran and removed a lot of stuff with no errors.

 

MalwareBytes hasn't reported one of the blocked IP addresses that started this whole thing since a couple of days ago according to its logs, and I haven't seen any pop-up warnings either.

 

Is there a next step? Anything you need me to do to verify that the Trojan you found is gone?

 

And again, I appreciate your help!

Link to post
Share on other sites

Update and do a quick scan with your Trend

Then............

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

Done. Trend came up clean, and here is checkup.txt from Security Check:

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Trend Micro OfficeScan Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Altova XMLSpy® 2010 Enterprise Edition 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Wise Registry Cleaner 7.89  
 Java 6 Update 38  
 Java 7 Update 51  
 Adobe Reader XI  
 Mozilla Firefox 19.0 Firefox out of Date!  
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Trend Micro OfficeScan Client pccntmon.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Online Backup OnlineBackup.exe   
 Trend Micro OfficeScan Client ntrtscan.exe  
 Trend Micro OfficeScan Client tmlisten.exe  
 Trend Micro OfficeScan Client CNTAoSMgr.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mozilla Firefox 19.0 Firefox out of Date! <----please check for an update if available.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

This topic is now closed to further replies.