Jump to content

Recommended Posts

I am getting random background noise (mostly ads) when I am on various webpages.  (Like now, and all I have open is the malwarebytes page.)

 

Here are my logs:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.45.2
Run by Leslie at 19:18:27 on 2014-04-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3037.1939 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6CE5E210-CC52-41B7-AF91-12C5C703AB63} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\intuit\quickbooks 2013\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\leslie\appdata\roaming\mozilla\firefox\profiles\gk0ks86b.default-1384008138800\
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\users\leslie\appdata\local\citrix\plugins\104\npappdetector.dll
FF - ExtSQL: !HIDDEN! 2012-03-30 00:43; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-12-3 81920]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2013-3-11 1248256]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2012-9-25 195400]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-7 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-11-15 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-11-15 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-13 1343400]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2010-10-4 486176]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2012-11-21 26496]
S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
.
=============== Created Last 30 ================
.
2014-04-07 04:18:22 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-03-12 18:08:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 18:08:06 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-03-12 18:07:48 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 18:07:44 509440 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 18:07:43 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-12 18:07:43 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-12 18:07:43 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 18:07:43 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-03-12 18:07:33 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-03-12 18:07:33 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-12 18:06:35 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-03-12 18:06:35 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-03-12 18:06:35 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-03-12 18:06:35 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-03-12 18:06:35 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-03-12 18:06:35 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-03-12 18:06:35 428032 ----a-w- c:\windows\system32\secproc.dll
2014-03-12 18:06:35 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-03-12 18:06:35 390144 ----a-w- c:\windows\system32\msdrm.dll
.
==================== Find3M  ====================
.
2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 19:18:48.04 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/16/2010 4:24:46 PM
System Uptime: 4/7/2014 7:01:46 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0CKCXH
Processor: Intel® Core2 Duo CPU     E7500  @ 2.93GHz | Socket 775 | 2928/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 345.627 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP278: 3/11/2014 12:52:17 AM - Scheduled Checkpoint
RP279: 3/12/2014 2:08:11 PM - Windows Update
RP280: 3/12/2014 3:17:09 PM - Windows Modules Installer
RP281: 3/12/2014 3:25:29 PM - Windows Modules Installer
RP282: 3/12/2014 3:41:05 PM - Windows Modules Installer
RP283: 3/12/2014 3:50:10 PM - Windows Update
RP284: 3/20/2014 1:41:09 PM - Scheduled Checkpoint
RP285: 3/28/2014 11:28:12 AM - Scheduled Checkpoint
RP286: 4/5/2014 11:02:11 AM - Scheduled Checkpoint
RP287: 4/7/2014 12:17:53 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat  9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5
AIO_Scan
Aleks 3.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
C7200
C7200_Help
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SX120 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC 8
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Citrix Online Launcher
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Copy
Dell Backup and Recovery Manager
Dell Edoc Viewer
Destinations
DeviceDiscovery
DocProc
Dropbox
ESET Online Scanner v3
Fax
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.7.0.1172
GPBaseService2
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. 2
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
iTunes
iVideo Converter
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
LEGO MINDSTORMS EV3
LEGO MINDSTORMS EV3 Home Content
LEGO MINDSTORMS EV3 Home Edition
LEGO MINDSTORMS EV3 Home English Support
LEGO MINDSTORMS EV3 Uninstaller
LEGO MINDSTORMS NXT Driver
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300
Maxtor Backup
Maxtor OneTouch III
Memeo Instant Backup
MFCLOC
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Silverlight 5.1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NETGEAR Genie
Network
NI .NET Framework 4
NI EulaDepot
NI MDF Support
NI Security Update (KB 67L8LCQW)
NI Uninstaller
NI VC2008MSMs x86
OCR Software by I.R.I.S. 13.0
PowerDVD DX
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
QuickBooks
QuickBooks Pro 2013
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Seagate Dashboard
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
Symantec pcAnywhere
System Requirements Lab for Intel
Toolbox
TrayApp
UnloadSupport
ViewChoice
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
WebReg
Where in the World Is Carmen Sandiego? Treasures of Knowledge
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
4/7/2014 7:17:22 AM, Error: Service Control Manager [7011]  - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/7/2014 7:02:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/7/2014 7:02:05 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
4/7/2014 7:02:03 PM, Error: Service Control Manager [7009]  - A timeout was reached (120000 milliseconds) while waiting for the NETGEARGenieDaemon service to connect.
4/7/2014 7:02:03 PM, Error: Service Control Manager [7000]  - The NETGEARGenieDaemon service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/7/2014 6:58:31 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/6/2014 4:46:14 PM, Error: Service Control Manager [7011]  - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
4/4/2014 1:43:54 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
4/4/2014 1:43:54 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================
 

Thank you.

Link to post
Share on other sites

Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Here is my malwarebytes scan results:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.07.14

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16521
Leslie :: LESLIE-PC [administrator]

4/7/2014 8:23:37 PM
mbam-log-2014-04-07 (20-23-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303658
Time elapsed: 21 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

I will run RogueKiller 32 now, and I will post the results when that is done.

Link to post
Share on other sites

Here are the RogueKiller results:

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Leslie [Admin rights]
Mode : Scan -- Date : 04/07/2014 20:57:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @explorer.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F009AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF49A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F20731)
[Address] EAT @explorer.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF6395)
[Address] EAT @explorer.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F008ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F0E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F0D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF94AB)
[Address] EAT @explorer.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF6A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF3982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F0D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F13B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F235E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF53E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF51BF)
[Address] EAT @explorer.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF4EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF63E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EFFCAF)
[Address] EAT @explorer.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF3F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF3F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F206CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF4BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F004BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F00473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F005DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F00FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EFCD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EFF8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F0165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EFBF93)
[Address] EAT @explorer.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF7C1F)
[Address] EAT @explorer.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF616C)
[Address] EAT @explorer.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22412)
[Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EFFF21)
[Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF616C)
[Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F223B1)
[Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF86E9)
[Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F006E2)
[Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EFCDB1)
[Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F13FBB)
[Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F03611)
[Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F039D9)
[Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F222E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23172)
[Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F13274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F229C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2320B)
[Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF2D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EFF992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F01081)
[Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EFDF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F03CE3)
[Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EFF869)
[Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF2E9A)
[Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EFF785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF60AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF85B4)
[Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EF73D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F13D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23296)
[Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F00134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F0CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73EFB176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2068D)
[Address] EAT @explorer.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4CF9D)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E000)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E029)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E049)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DD2A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EA9A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EABD)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EAE0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E9D3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E9F6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EA1F)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EA71)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EA48)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D845)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E9AA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D822)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D9A2)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D868)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D8DA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DC74)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E9D3)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DC05)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DB87)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DB5E)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D9A2)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DB32)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DBDC)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DBB3)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DD2A)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D88E)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D8DA)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D8B7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D9C5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EB03)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DFB7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DB06)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DA17)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D9E5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DADD)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DA71)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D7FC)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DC25)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DCFE)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D822)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DC48)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DC25)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D7FC)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D91D)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E981)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DC74)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DC97)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EB75)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D7AA)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D7D3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E958)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DC25)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E9AA)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D88E)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E981)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D8FD)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DC25)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DCC7)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D557)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D580)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D6BA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D6E6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D656)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D62D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D52E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D68B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D4D9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D4A1)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D466)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D42E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D5D2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D70C)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_ProxØk) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D732)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D505)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DADD)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D781)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D758)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D5A9)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DC25)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DFB7)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D822)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E049)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D8DA)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DFDA)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D96C)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D88E)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D845)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D9A2)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EB75)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D943)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D822)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D91D)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EB03)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DD50)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EB26)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DD50)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DD73)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DDB8)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DF8D)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DE8C)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4EB52)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D02B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E61D)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D0EC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D2E0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4D217)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E072)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4E1B4)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73A4DD99)
[Address] EAT @explorer.exe (DriverProc) : fdwcn.dll -> HOOKED (C:\Windows\system32\wdmaud.drv @ 0x6BCD3FEE)
[Address] EAT @explorer.exe (midMessage) : fdwcn.dll -> HOOKED (C:\Windows\system32\wdmaud.drv @ 0x6BCD817A)
[Address] EAT @explorer.exe (modMessage) : fdwcn.dll -> HOOKED (C:\Windows\system32\wdmaud.drv @ 0x6BCD7F0C)
[Address] EAT @explorer.exe (mxdMessage) : fdwcn.dll -> HOOKED (C:\Windows\system32\wdmaud.drv @ 0x6BCD3F5C)
[Address] EAT @explorer.exe (widMessage) : fdwcn.dll -> HOOKED (C:\Windows\system32\wdmaud.drv @ 0x6BCD65C3)
[Address] EAT @explorer.exe (wodMessage) : fdwcn.dll -> HOOKED (C:\Windows\system32\wdmaud.drv @ 0x6BCD4AB6)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDT721050SLA360 +++++
--- User ---
[MBR] 2143692800a98f08d71c2b6087a5a773
[bSP] 52e0c7505f94d3a1ca58f5234673e0b1 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Photosmart C7200 USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_04072014_205737.txt >>

 

 

Link to post
Share on other sites

Lets run some scans:

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

    image000q.png

  • Put a checkmark beside loaded modules.

    2012081514h0118.png

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

    clip.jpg

  • Click the Start Scan button.

    19695967.jpg

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    67776163.jpg

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    62117367.jpg

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

Then...........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

ComboFix results:

 

ComboFix 14-04-06.01 - Leslie 04/07/2014  23:07:04.3.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3037.2053 [GMT -4:00]
Running from: c:\users\Leslie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\npf.sys
c:\windows\system32\sysprep\cryptbase.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-08 to 2014-04-08  )))))))))))))))))))))))))))))))
.
.
2014-04-08 03:13 . 2014-04-08 03:14 -------- d-----w- c:\users\Leslie\AppData\Local\temp
2014-04-08 03:13 . 2014-04-08 03:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-08 03:13 . 2014-04-08 03:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-07 04:18 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-03-17 19:40 . 2014-03-17 19:40 -------- d-----w- c:\users\Leslie\AppData\Roaming\Roxio
2014-03-12 18:08 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 18:08 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-03-12 18:07 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 18:07 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 18:07 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-12 18:07 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 18:07 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-12 18:07 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-03-12 18:07 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-12 18:07 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-03-12 18:06 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-03-12 18:06 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-03-12 18:06 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-03-12 18:06 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-03-12 18:06 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-03-12 18:06 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-03-12 18:06 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-03-12 18:06 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-03-12 18:06 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-27 20:46 . 2014-01-27 20:46 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-27 20:46 . 2014-01-27 20:46 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-27 20:46 . 2014-01-27 20:46 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-27 20:46 . 2014-01-27 20:46 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-27 20:46 . 2014-01-27 20:46 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-01-27 20:46 . 2014-01-27 20:46 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-27 20:46 . 2014-01-27 20:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-27 20:46 . 2014-01-27 20:46 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-01-27 20:46 . 2014-01-27 20:46 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-27 20:46 . 2014-01-27 20:46 337408 ----a-w- c:\windows\system32\html.iec
2014-01-27 20:46 . 2014-01-27 20:46 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-27 20:46 . 2014-01-27 20:46 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-01-27 20:46 . 2014-01-27 20:46 182272 ----a-w- c:\windows\system32\msls31.dll
2014-01-27 20:46 . 2014-01-27 20:46 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-01-27 20:46 . 2014-01-27 20:46 139264 ----a-w- c:\windows\system32\wextract.exe
2014-01-27 20:46 . 2014-01-27 20:46 13312 ----a-w- c:\windows\system32\mshta.exe
2014-01-27 20:46 . 2014-01-27 20:46 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-27 20:46 . 2014-01-27 20:46 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2010-11-20 . 82510924F39EB70312D0BBFC46063CB4 . 378368 . . [6.1.7601.17514] . . c:\windows\System32\rpcss.dll
[7] 2010-11-20 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-05-29 16:00 8704 ----a-w- c:\windows\System32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2013-05-08 08:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2013-05-08 19:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 23:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-10-12 21:24 304568 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-11-13 20:43 172064 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 22:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 01:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-11-13 20:43 138784 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707]
2013-06-19 16:11 265096 ----a-w- c:\program files\National Instruments\Shared\NIUninstaller\InstallValidator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2014-01-16 14:59 3774776 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-10-01 06:23 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
2005-11-09 20:19 634880 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2012-11-21 19:01 137088 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2005-10-17 20:24 81920 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETGEARGenie]
2012-10-16 13:54 1041736 ----a-w- c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-06-25 02:19 140520 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-11-13 20:43 173600 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-05-23 08:22 7514656 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2014-01-27 20:57 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [2012-09-25 195400]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1343400]
R3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2000-09-26 486176]
R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2012-11-21 26496]
R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-03-11 1248256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 08757954
*Deregistered* - 08757954
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-27 20:57]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-27 20:57]
.
.
------- Supplementary Scan -------
.

TCP: DhcpNameServer = 192.168.1.1
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\gk0ks86b.default-1384008138800\
FF - ExtSQL: !HIDDEN! 2012-03-30 00:43; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-08757954.sys
MSConfigStartUp-disks-sd - c:\programdata\audiults.dll
.
.
.
Completion time: 2014-04-07  23:15:53
ComboFix-quarantined-files.txt  2014-04-08 03:15
.
Pre-Run: 370,345,091,072 bytes free
Post-Run: 370,684,768,256 bytes free
.
- - End Of File - - EE695EC044D1A03A677D3A16E88EEF82
CDB4DE4BBD714F152979DA2DCBEF57EB
 

Link to post
Share on other sites

Any logs show be located in C:\

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt to the same location as ComboFix.exe

CFScript.gif

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

Link to post
Share on other sites

Thank you.  I found the TDSS logs.  Here is the first one:

 

22:51:54.0070 0x1214  TDSS rootkit removing tool 3.0.0.30 Apr  7 2014 15:39:12
22:51:59.0854 0x1214  ============================================================
22:51:59.0854 0x1214  Current date / time: 2014/04/07 22:51:59.0854
22:51:59.0854 0x1214  SystemInfo:
22:51:59.0854 0x1214 
22:51:59.0854 0x1214  OS Version: 6.1.7601 ServicePack: 1.0
22:51:59.0854 0x1214  Product type: Workstation
22:51:59.0854 0x1214  ComputerName: LESLIE-PC
22:51:59.0854 0x1214  UserName: Leslie
22:51:59.0854 0x1214  Windows directory: C:\Windows
22:51:59.0854 0x1214  System windows directory: C:\Windows
22:51:59.0854 0x1214  Processor architecture: Intel x86
22:51:59.0854 0x1214  Number of processors: 2
22:51:59.0854 0x1214  Page size: 0x1000
22:51:59.0854 0x1214  Boot type: Normal boot
22:51:59.0854 0x1214  ============================================================
22:52:01.0929 0x1214  KLMD registered as C:\Windows\system32\drivers\38279116.sys
22:52:02.0007 0x1214  System UUID: {CEF7E71D-43BB-2082-BA86-94E103AEF462}
22:52:02.0397 0x1214  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:52:02.0397 0x1214  ============================================================
22:52:02.0397 0x1214  \Device\Harddisk0\DR0:
22:52:02.0397 0x1214  MBR partitions:
22:52:02.0397 0x1214  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
22:52:02.0397 0x1214  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
22:52:02.0397 0x1214  ============================================================
22:52:02.0412 0x1214  C: <-> \Device\Harddisk0\DR0\Partition2
22:52:02.0412 0x1214  ============================================================
22:52:02.0412 0x1214  Initialize success
22:52:02.0412 0x1214  ============================================================
22:53:42.0887 0x16e8  KLMD registered as C:\Windows\system32\drivers\53851343.sys
22:53:44.0197 0x16e8  Deinitialize success
 

Link to post
Share on other sites

Here is the ComboFix log:

 

ComboFix 14-04-08.01 - Leslie 04/08/2014  14:31:22.4.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3037.2012 [GMT -4:00]
Running from: c:\users\Leslie\Desktop\ComboFix.exe
Command switches used :: c:\users\Leslie\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ERDNT\cache\rpcss.dll --> c:\windows\System32\rpcss.dll
.
(((((((((((((((((((((((((   Files Created from 2014-03-08 to 2014-04-08  )))))))))))))))))))))))))))))))
.
.
2014-04-08 18:38 . 2014-04-08 18:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-08 18:38 . 2014-04-08 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-08 03:15 . 2014-04-08 18:38 -------- d-----w- c:\users\Leslie\AppData\Local\temp
2014-04-07 04:18 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-03-17 19:40 . 2014-03-17 19:40 -------- d-----w- c:\users\Leslie\AppData\Roaming\Roxio
2014-03-12 18:08 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 18:08 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-03-12 18:07 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 18:07 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 18:07 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-12 18:07 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 18:07 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-12 18:07 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-03-12 18:07 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-12 18:07 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-03-12 18:06 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-03-12 18:06 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-03-12 18:06 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-03-12 18:06 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-03-12 18:06 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-03-12 18:06 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-03-12 18:06 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-03-12 18:06 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-03-12 18:06 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-27 20:46 . 2014-01-27 20:46 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-27 20:46 . 2014-01-27 20:46 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-27 20:46 . 2014-01-27 20:46 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-27 20:46 . 2014-01-27 20:46 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-27 20:46 . 2014-01-27 20:46 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-01-27 20:46 . 2014-01-27 20:46 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-27 20:46 . 2014-01-27 20:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-27 20:46 . 2014-01-27 20:46 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-01-27 20:46 . 2014-01-27 20:46 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-27 20:46 . 2014-01-27 20:46 337408 ----a-w- c:\windows\system32\html.iec
2014-01-27 20:46 . 2014-01-27 20:46 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-27 20:46 . 2014-01-27 20:46 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-01-27 20:46 . 2014-01-27 20:46 182272 ----a-w- c:\windows\system32\msls31.dll
2014-01-27 20:46 . 2014-01-27 20:46 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-01-27 20:46 . 2014-01-27 20:46 139264 ----a-w- c:\windows\system32\wextract.exe
2014-01-27 20:46 . 2014-01-27 20:46 13312 ----a-w- c:\windows\system32\mshta.exe
2014-01-27 20:46 . 2014-01-27 20:46 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-27 20:46 . 2014-01-27 20:46 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-05-29 16:00 8704 ----a-w- c:\windows\System32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2013-05-08 08:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2013-05-08 19:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 23:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-10-12 21:24 304568 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-11-13 20:43 172064 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 22:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 01:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-11-13 20:43 138784 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707]
2013-06-19 16:11 265096 ----a-w- c:\program files\National Instruments\Shared\NIUninstaller\InstallValidator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2014-01-16 14:59 3774776 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-10-01 06:23 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
2005-11-09 20:19 634880 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2012-11-21 19:01 137088 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2005-10-17 20:24 81920 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETGEARGenie]
2012-10-16 13:54 1041736 ----a-w- c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-06-25 02:19 140520 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-11-13 20:43 173600 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-05-23 08:22 7514656 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2014-01-27 20:57 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [2012-09-25 195400]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1343400]
R3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2000-09-26 486176]
R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2012-11-21 26496]
R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-03-11 1248256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-27 20:57]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-27 20:57]
.
.
------- Supplementary Scan -------
.

TCP: DhcpNameServer = 192.168.1.1
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\gk0ks86b.default-1384008138800\
FF - ExtSQL: !HIDDEN! 2012-03-30 00:43; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4756)
c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
Completion time: 2014-04-08  14:39:15
ComboFix-quarantined-files.txt  2014-04-08 18:39
ComboFix2.txt  2014-04-08 03:15
.
Pre-Run: 370,464,608,256 bytes free
Post-Run: 370,423,304,192 bytes free
.
- - End Of File - - 03C62A73A0D0EF208505796511D37D18
CDB4DE4BBD714F152979DA2DCBEF57EB
 

Link to post
Share on other sites

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

Results of AdwCleaner:

 

# AdwCleaner v3.023 - Report created 08/04/2014 at 17:27:12
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Leslie - LESLIE-PC
# Running from : C:\Users\Leslie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\gk0ks86b.default-1384008138800\prefs.js ]

*************************

AdwCleaner[R0].txt - [1195 octets] - [08/04/2014 17:23:51]
AdwCleaner[s0].txt - [1126 octets] - [08/04/2014 17:27:12]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1186 octets] ##########
 

Running Malwarebytes now...

Link to post
Share on other sites

Results of malwarebytes scan:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.08.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16521
Leslie :: LESLIE-PC [administrator]

4/8/2014 5:31:47 PM
mbam-log-2014-04-08 (17-31-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296029
Time elapsed: 22 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

There is still random background noise.  It was doing it while malwarebytes was running, but has stopped now.  (As an aside, malwarebytes takes a while to run.  There are lots of temporary internet files with content.ie5.  For some reason these don't go away when I do a disk cleanup.)  Thanks.

Link to post
Share on other sites

For now run TFC to clean out temp files:

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
http://www.bleepingcomputer.com/download/tfc/dl/92/
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

At some point you should install CCleaner:
Download, install and run CCleaner free to clean out temp files.
Here's a Tutorial if needed.
You may want to uncheck "cookies" and please stay away from the registry cleaner.

----------------------------------------------

Run TDSSKiller as before and post/attach the new logs.

MrC

Link to post
Share on other sites

TDSS logs:

 

08:52:31.0374 0x14ec  TDSS rootkit removing tool 3.0.0.30 Apr  7 2014 15:39:12
08:52:35.0428 0x14ec  ============================================================
08:52:35.0428 0x14ec  Current date / time: 2014/04/09 08:52:35.0428
08:52:35.0428 0x14ec  SystemInfo:
08:52:35.0428 0x14ec 
08:52:35.0428 0x14ec  OS Version: 6.1.7601 ServicePack: 1.0
08:52:35.0428 0x14ec  Product type: Workstation
08:52:35.0428 0x14ec  ComputerName: LESLIE-PC
08:52:35.0428 0x14ec  UserName: Leslie
08:52:35.0428 0x14ec  Windows directory: C:\Windows
08:52:35.0428 0x14ec  System windows directory: C:\Windows
08:52:35.0428 0x14ec  Processor architecture: Intel x86
08:52:35.0428 0x14ec  Number of processors: 2
08:52:35.0428 0x14ec  Page size: 0x1000
08:52:35.0428 0x14ec  Boot type: Normal boot
08:52:35.0428 0x14ec  ============================================================
08:52:37.0410 0x14ec  KLMD registered as C:\Windows\system32\drivers\99978900.sys
08:52:37.0470 0x14ec  System UUID: {CEF7E71D-43BB-2082-BA86-94E103AEF462}
08:52:37.0750 0x14ec  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:52:37.0760 0x14ec  ============================================================
08:52:37.0760 0x14ec  \Device\Harddisk0\DR0:
08:52:37.0760 0x14ec  MBR partitions:
08:52:37.0760 0x14ec  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
08:52:37.0760 0x14ec  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
08:52:37.0760 0x14ec  ============================================================
08:52:37.0770 0x14ec  C: <-> \Device\Harddisk0\DR0\Partition2
08:52:37.0770 0x14ec  ============================================================
08:52:37.0770 0x14ec  Initialize success
08:52:37.0770 0x14ec  ============================================================
08:52:44.0133 0x1114  KLMD registered as C:\Windows\system32\drivers\45226515.sys
08:52:45.0363 0x1114  Deinitialize success
 

Link to post
Share on other sites

Run TDSSKiller again and see if you can Cure this one only (Don't Delete!!!)

08:58:21.0361 0x0a70 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
08:58:21.0361 0x0a70 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip


Chose Delete for this one:
08:58:21.0371 0x0a70 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:58:21.0371 0x0a70 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


MrC

Link to post
Share on other sites

Here it is:

 

ComboFix 14-04-09.02 - Leslie 04/09/2014  10:39:25.5.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3037.1933 [GMT -4:00]
Running from: c:\users\Leslie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-09 to 2014-04-09  )))))))))))))))))))))))))))))))
.
.
2014-04-09 14:44 . 2014-04-09 14:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-09 14:44 . 2014-04-09 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-08 21:23 . 2014-04-08 21:27 -------- d-----w- C:\AdwCleaner
2014-04-08 03:15 . 2014-04-09 14:44 -------- d-----w- c:\users\Leslie\AppData\Local\temp
2014-04-07 04:18 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-03-17 19:40 . 2014-03-17 19:40 -------- d-----w- c:\users\Leslie\AppData\Roaming\Roxio
2014-03-12 18:08 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 18:08 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-03-12 18:07 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 18:07 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 18:07 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-12 18:07 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 18:07 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-12 18:07 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-03-12 18:07 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-12 18:07 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-03-12 18:06 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-03-12 18:06 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-03-12 18:06 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-03-12 18:06 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-03-12 18:06 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-03-12 18:06 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-03-12 18:06 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-03-12 18:06 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-03-12 18:06 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-27 20:46 . 2014-01-27 20:46 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-27 20:46 . 2014-01-27 20:46 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-27 20:46 . 2014-01-27 20:46 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-27 20:46 . 2014-01-27 20:46 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-27 20:46 . 2014-01-27 20:46 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-01-27 20:46 . 2014-01-27 20:46 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-27 20:46 . 2014-01-27 20:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-27 20:46 . 2014-01-27 20:46 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-01-27 20:46 . 2014-01-27 20:46 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-27 20:46 . 2014-01-27 20:46 337408 ----a-w- c:\windows\system32\html.iec
2014-01-27 20:46 . 2014-01-27 20:46 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-27 20:46 . 2014-01-27 20:46 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-01-27 20:46 . 2014-01-27 20:46 182272 ----a-w- c:\windows\system32\msls31.dll
2014-01-27 20:46 . 2014-01-27 20:46 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-01-27 20:46 . 2014-01-27 20:46 139264 ----a-w- c:\windows\system32\wextract.exe
2014-01-27 20:46 . 2014-01-27 20:46 13312 ----a-w- c:\windows\system32\mshta.exe
2014-01-27 20:46 . 2014-01-27 20:46 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-27 20:46 . 2014-01-27 20:46 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2010-11-20 . 6E91B8D65A3884E464C1CA26E37F1DF1 . 380928 . . [6.1.7601.17514] . . c:\windows\System32\rpcss.dll
[7] 2010-11-20 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-05-29 16:00 8704 ----a-w- c:\windows\System32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2013-05-08 08:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2013-05-08 19:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 23:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-10-12 21:24 304568 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-11-13 20:43 172064 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 22:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 01:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-11-13 20:43 138784 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707]
2013-06-19 16:11 265096 ----a-w- c:\program files\National Instruments\Shared\NIUninstaller\InstallValidator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2014-01-16 14:59 3774776 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-10-01 06:23 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
2005-11-09 20:19 634880 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2012-11-21 19:01 137088 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2005-10-17 20:24 81920 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETGEARGenie]
2012-10-16 13:54 1041736 ----a-w- c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-06-25 02:19 140520 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-11-13 20:43 173600 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-05-23 08:22 7514656 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2014-01-27 20:57 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [2012-09-25 195400]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1343400]
R3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2000-09-26 486176]
R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2012-11-21 26496]
R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-03-11 1248256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 20464624
*Deregistered* - 20464624
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-27 20:57]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-27 20:57]
.
.
------- Supplementary Scan -------
.

TCP: DhcpNameServer = 192.168.1.1
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\gk0ks86b.default-1384008138800\
FF - ExtSQL: !HIDDEN! 2012-03-30 00:43; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-20464624.sys
.
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3228)
c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
Completion time: 2014-04-09  10:45:09
ComboFix-quarantined-files.txt  2014-04-09 14:45
ComboFix2.txt  2014-04-08 18:39
ComboFix3.txt  2014-04-08 03:15
.
Pre-Run: 371,894,173,696 bytes free
Post-Run: 371,846,164,480 bytes free
.
- - End Of File - - FB3FE605D8ADE3931E4A31DAD2555AAC
CDB4DE4BBD714F152979DA2DCBEF57EB
 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.