Virtual Dr Forums-Computer Tech Support - Intensive Care Unit

trojans

Linda406 — Thu, 23 May 2013 01:19:15 GMT

I am on a Toshiba Laptop with Windows 7. I use I.E.10 but do have Firefox installed. This laptop is mainly for my 9 and 7 year old grandsons to play games on and go to You Tube. About a week ago, I updated everything on the administrator profile, then went to John's profile and did the same. When I went to Tyler's profile to update, all kinds of problems started happening. When the administrator box popped up to give authorization to update, it would not take the password. Two times when I tried to put the password in, the keys were not working at all and yet letters started to appear as if a ghost was typing them. I immediately deleted them both times and restarted the laptop in safe mode where I proceeded to run a virus scan, a malwarebytes scan and a Superantispyware scan. It found 3 Trojans which I quarantined. It ran a bit better but something still was not right. Tonight, I once again updated everything and ran a scan and it found another Trojan. The common denominator seems to be C:\users\verizon\AppData....That is where all these bad things have been found at. I used to use a Verizon modem when on the road with my husband when he drove truck. We have not used that since August of 2012 and I can not get rid of this file. It is almost like it has taken over my grandson Tyler's profile. I am hoping you can help. Thank you in advance.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.22.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Kenny :: LINDA-PC [administrator]

5/22/2013 8:22:21 PM
MBAM-log-2013-05-22 (20-28-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 332010
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\verizon\AppData\Local\Temp\Diagnostics\mtqprue.dll (Trojan.Tracur.DL) -> No action taken.

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 1.6.0_37
Run by Kenny at 20:36:46 on 2013-05-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2381 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\windows\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} -
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [NokiaPCInternetAccess] "C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BL1G47G05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
mRun: [{ABA99F9A-8FE2-E89A-E99B-E8b85B9AE9B9}] "C:\Program Files (x86)\Alltel Broadband Connect\AvqAutoRun.exe" "C:\Program Files (x86)\Alltel Broadband Connect\mphonetools.exe" /OnPlug=%s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Kenny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{28E38AD4-7CC4-4434-A69C-4921B273F172} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4AAC1865-70C9-4D56-A74C-C1609AA0102E} : DHCPNameServer = 192.168.3.1 24.93.41.125 24.93.41.126
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SSODL: WebCheck -
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\1basdnn1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.usatoday.com/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Kenny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2010-2-2 55280]
R0 TfFsMon;TfFsMon;C:\windows\System32\drivers\TfFsMon.sys [2010-3-8 65072]
R0 TfSysMon;TfSysMon;C:\windows\System32\drivers\TfSysMon.sys [2010-3-8 59880]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-2-2 482384]
R1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2013-3-28 28600]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-12 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-12 110816]
R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2013-3-28 100712]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\windows\System32\drivers\RTL8187B.sys [2010-3-31 450048]
R3 TfNetMon;TfNetMon;C:\windows\System32\drivers\TfNetMon.sys [2010-3-8 41888]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-2-2 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 bcm;WiMAX Network Adapter;C:\windows\System32\drivers\drxvi314_64.sys [2010-2-11 359040]
S3 bcmbusctr;WiMAX Bus Driver;C:\windows\System32\drivers\BcmBusCtr_64.sys [2010-2-11 62976]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\windows\System32\drivers\NwUsbCdFil64.sys [2010-5-16 25600]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\windows\System32\drivers\nwusbser2.sys [2010-5-16 213376]
S3 PTDLBus;PANTECH UM175AL Composite Device Driver;C:\windows\System32\drivers\PTDLBus.sys [2010-3-9 66304]
S3 PTDLMdm;PANTECH UM175AL Drivers;C:\windows\System32\drivers\PTDLMdm.sys [2010-3-9 70784]
S3 PTDLVsp;PANTECH UM175AL Diagnostic Port;C:\windows\System32\drivers\PTDLVsp.sys [2010-3-9 66688]
S3 PTDLWWAN;PANTECH UM175AL WWAN Driver;C:\windows\System32\drivers\PTDLWWAN.sys [2010-3-9 84480]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-2 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-2-2 222208]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-2 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-3-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-22 23:51:04 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DDC91698-DC14-4D6F-856E-3633BF4FFF04}\offreg.dll
2013-05-22 23:44:24 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DDC91698-DC14-4D6F-856E-3633BF4FFF04}\mpengine.dll
2013-05-17 23:10:41 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-05-17 23:10:41 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-05-17 23:10:41 144384 ----a-w- C:\windows\System32\cdd.dll
2013-05-17 23:10:36 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-05-17 23:10:18 48640 ----a-w- C:\windows\System32\wwanprotdim.dll
2013-05-17 23:10:18 230400 ----a-w- C:\windows\System32\wwansvc.dll
2013-05-17 23:09:57 1930752 ----a-w- C:\windows\System32\authui.dll
2013-05-17 23:09:56 70144 ----a-w- C:\windows\System32\appinfo.dll
2013-05-17 23:09:56 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-05-17 23:09:56 111448 ----a-w- C:\windows\System32\consent.exe
2013-05-09 23:32:40 83160 ----a-w- C:\windows\System32\drivers\avnetflt.sys
2013-04-26 06:04:52 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
.
==================== Find3M ====================
.
2013-05-18 02:44:43 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-18 02:44:43 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 06:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-05 06:52:14 2242048 ----a-w- C:\windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 18:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-03-29 00:44:59 28600 ----a-w- C:\windows\System32\drivers\avkmgr.sys
2013-03-29 00:44:59 100712 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe
.
============= FINISH: 20:39:35.48 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/8/2010 3:59:09 PM
System Uptime: 5/22/2013 8:30:19 PM (0 hours ago)
.
Motherboard: TOSHIBA | | NBWAA
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 226.884 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP817: 5/19/2013 7:27:36 AM - Windows Update
RP818: 5/19/2013 9:41:22 AM - Windows Update
RP819: 5/19/2013 2:17:39 PM - Windows Update
RP820: 5/19/2013 4:24:57 PM - Windows Update
RP821: 5/22/2013 7:43:30 PM - Windows Update
RP822: 5/22/2013 7:57:38 PM - Windows Backup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3DVIA player 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 12.0
Apple Software Update
Auslogics Disk Defrag
Auslogics Registry Cleaner
Avira Free Antivirus
Best Buy pc app
CleanUp!
Compatibility Pack for the 2007 Office system
D3DX10
Dora the Explorer - Swiper's Big Adventure
Final Drive Fury
Final Drive: Nitro
Foxit Reader
Google Earth Plug-in
Google Update Helper
HP Deskjet 3520 series Basic Device Software
HP Deskjet 3520 series Help
HP Deskjet 3520 series Product Improvement Study
HP Deskjet 3520 series Setup Guide
HP FWUpdateEDO2
HP Photo Creations
HP Update
HPDiagnosticAlert
Intel(R) Graphics Media Accelerator Driver
Intel� Matrix Storage Manager
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 37
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
Nokia PC Internet Access
Pirate101
PlayReady PC Runtime amd64
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Slingo Quest (remove only)
SpywareBlaster 5.0
SUPERAntiSpyware
SUPERAntiSpyware Free Edition
swMSM
Synaptics Pointing Device Driver
ThreatFire
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Utility Common Driver
Weather
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Center Add-in for Silverlight
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
5/19/2013 7:04:07 AM, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
5/19/2013 7:03:29 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
5/19/2013 4:25:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Office 2007 suites (KB2687499).
5/19/2013 4:25:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2007 suites (KB2596660).
5/19/2013 4:25:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Office 2007 suites (KB2687311).
5/19/2013 4:25:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2007 suites (KB2596848).
5/19/2013 4:25:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Office 2007 suites (KB2596615).
5/19/2013 4:25:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Office 2007 suites (KB2760416).
5/18/2013 8:51:56 PM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
5/17/2013 9:13:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/17/2013 8:34:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/17/2013 8:34:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/17/2013 8:34:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/17/2013 8:34:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/17/2013 8:34:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/17/2013 8:34:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/17/2013 8:32:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
5/17/2013 8:32:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2013 8:32:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/17/2013 8:32:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/17/2013 8:32:22 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/17/2013 8:32:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/17/2013 8:32:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2013 8:32:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2013 8:32:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/17/2013 8:32:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2013 8:32:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

IE opening unexpectedly, ad pages appearing

shazbot — Wed, 22 May 2013 23:12:51 GMT

Got a PC where Firefox is the default browser, but IE keeps opening up on its own at random intervals, mostly to MSN's page, but a bunch of ad pages opened up as well when the PC was left on overnight. No sign of anything in Malwarebytes, and I don't think I saw anything in DDS either:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.16.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
John :: JOHNB-PC [administrator]

5/22/2013 8:16:07 AM
mbam-log-2013-05-22 (08-16-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280867
Time elapsed: 10 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/28/2011 4:28:44 PM
System Uptime: 5/21/2013 9:04:39 AM (26 hours ago)
.
Motherboard: Intel Corporation | | DG31PR
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | J3E1 | 3163/1333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 69 GiB total, 7.438 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 122.793 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6000 E609n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6000 E609n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
6000E609_BasicWeb
6000E609_Help_BasicWeb
Active@ KillDisk
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Allway Sync version 12.0.8
Application Verifier x86 External Package
Bing Bar
BPDSoftware_Ini
BufferChm
Canon ScanGear Starter
CanoScan Toolbox Ver4.9
CDCheck
CPUID CPU-Z 1.60.1
D3DX10
Dell Software Uninstall
DVDx 4.0 Open Edition
Eraser 6.0.10.2620
ESWIN_USB 0.6j
Google Chrome
Google Drive
Google Update Helper
GoToMeeting 5.1.0.880
HandBrake 0.9.5
HP Officejet 6000 E609 Series
ImgBurn
Java 7 Update 21
Java Auto Updater
join.me
Kits Configuration Installer
Lexmark Software Uninstall
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Network
NirSoft ProduKey
NVIDIA Control Panel 307.83
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
Outlook Setup Tool
Panda USB Vaccine 1.0.1.4
PrimoPDF -- brought to you by Nitro PDF Software
ScanSnap Manager
SDK Debuggers
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Toolbox
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual CertExam Suite
VMware Infrastructure Client 2.5
WebReg
Windows App Certification Kit
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Software Development Kit
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Metro style Apps
Windows Software Development Kit for Metro style Apps DirectX x86 Remote
Windows Software Development Kit Redistributables
WinRAR 4.11 (32-bit)
WPT Redistributables
WPTx86
.
==== Event Viewer Messages From Past Week ========
.
5/22/2013 9:54:05 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
5/21/2013 9:05:06 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
5/21/2013 9:04:49 AM, Error: Microsoft-Windows-Kernel-Processor-Power [34] - Idle power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
5/21/2013 9:04:49 AM, Error: Microsoft-Windows-Kernel-Processor-Power [34] - Idle power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
5/21/2013 9:03:11 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2013 8:56:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/21/2013 8:56:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/21/2013 8:56:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/21/2013 8:56:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/21/2013 8:56:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by John at 11:15:57 on 2013-05-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2045.829 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\lxeccoms.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\notepad.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Macromedia] Rundll32.exe c:\users\john\appdata\local\macromedia\wlskarbl.dll,rwfhojsssifpsripc
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001021-0002-0021-ABCDEFFEDCBC} -
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 66.75.164.89 66.75.164.90
TCP: Interfaces\{64FB77B1-6D0D-4842-B331-A569DC71F8B0} : NameServer = 172.16.0.9
TCP: Interfaces\{64FB77B1-6D0D-4842-B331-A569DC71F8B0} : DHCPNameServer = 66.75.164.89 66.75.164.90
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck -
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\ksjcp6a1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\john\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\ksjcp6a1.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\ksjcp6a1.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-5-2 24328]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-12-18 375296]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-1-24 47640]
R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 dcdbas;System Management Driver;c:\windows\system32\drivers\dcdbas32.sys [2011-12-7 26624]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
S3 iscFlash;iscFlash;c:\users\john\appdata\local\temp\7zse83b.tmp\iscflash.sys [2013-5-7 35840]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2011-11-2 3567]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-20 1343400]
S4 BotkindSyncService;Botkind Service;c:\program files\allway sync\bin\syncservice.exe service --> c:\program files\allway sync\bin\SyncService.exe service [?]
.
=============== Created Last 30 ================
.
2013-05-22 16:16:50 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ea7ad753-97a5-422a-aeed-743fc5193c22}\mpengine.dll
2013-05-21 21:07:12 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-21 15:19:46 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6a2fddf-599f-4f57-8581-e3582e999021}\gapaengine.dll
2013-05-21 15:19:26 7016152 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-17 17:25:51 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-15 08:54:12 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 08:54:12 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 08:54:11 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 08:54:08 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 08:54:07 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 08:54:02 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 08:54:01 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 08:54:00 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-07 23:45:24 -------- d-----w- C:\swsetup
2013-04-23 18:36:55 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
==================== Find3M ====================
.
2013-05-14 23:26:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 23:26:21 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 19:33:56 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-12 19:33:56 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-05 05:28:24 1767424 ----a-w- c:\windows\system32\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-04-05 04:29:45 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-05 03:38:25 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
.
============= FINISH: 11:16:26.14 ===============

[Inactive] ID Stolen from System Even When Scans Says It's Clean ?

slickcondo — Tue, 21 May 2013 21:22:32 GMT

I am using a laptop running on XP and IE8. All Windows security releases are up to date as well as my AVG, Super Antispyware, Malwarebytes Anti-Malware and Zone Alarm Firewall programs. Apart from Zone Alarm, all the rest of the programs are run once a day and they always comes up clean except for tracking cookies (usually picked up by Super Antispyware) which are then deleted.

Two days ago, I got a SMS text on my mobile phone from my mobile phone company to say that my order will be delivered by a certain date. As I didn't placed any order, I phoned to find out more and discovered that someone has changed my home address with my phone supplier via the mobile phone company's website and has ordered a new mobile phone to be delivered to that new address. Effectively, this meant that my login password is compromised and I am wondering how could this be when all the Antivirus and Malware scans didn't picked up any "invaders". Besides my login password are only hints to remind me and is not actually stated right out in any folder.

I am hoping some light could be shed on here to solve this puzzle. I post the 3logs as advised by the guidelines for this forum (the two DD log here and the AntiMalware report separately). Any comments and help to clarify this mystery and to reassure my system is clean will be greatly appreciated. Many thanks.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Richard at 21:21:10 on 2013-05-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1043 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Fighters\SPAMfighter\sfus.exe
C:\Program Files\Fighters\FighterSuiteService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Fighters\SPAMfighter\s***ent.exe
C:\Program Files\Magitime\magitime.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com/?p=us
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 : {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SNPSTD2] c:\windows\vsnpstd2.exe
mRun: [s***ent] c:\program files\fighters\spamfighter\s***ent.exe
mRun: [Magitime] c:\program files\magitime\magitime.exe
mRun: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\fastst~1.lnk - c:\program files\faststone capture\FSCapture.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\SysRestorePoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %windir%\system32\vsocklib.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350240650597
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\richard\application data\mozilla\firefox\profiles\782gmubq.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-04-20 20:31; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\checkpoint\zaforcefield\TrustChecker
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 00081a90000000000000000e50f38aef
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15785
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.08:38:38
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 39224]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2013-4-16 16504]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2012-10-14 9216]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2012-10-14 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2012-10-14 83392]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2012-7-6 71152]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-1-12 61296]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 182072]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-9-19 38816]
R1 RapportCerberus_51755;RapportCerberus_51755;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_51755.sys [2013-3-29 317112]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-4-30 103120]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-4-30 174320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-1-29 527848]
R1 xlkfs;xlkfs;c:\windows\system32\drivers\xlkfs.sys [2011-9-10 18432]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-7-14 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-7-14 497320]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-4-30 1124632]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2013-4-16 254072]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\fighters\spamfighter\sfus.exe [2013-1-15 216608]
R2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2012-11-12 1270376]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-8-1 719512]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2013-1-11 4096]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2012-10-14 41216]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2012-10-14 71961]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [2013-1-12 40320]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2012-10-14 812544]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2013-1-11 11520]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [2013-2-18 283600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870UVCx86.sys [2012-10-14 70144]
S3 DCamUSBTP10;Qmax Webcam;c:\windows\system32\drivers\TP6810.SYS [2013-1-11 241704]
S3 PSMounterEx;Macrium Reflect Image Explorer Driver;c:\windows\system32\drivers\psmounterex.sys [2013-4-16 55416]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-4-26 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-4-26 10200]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2012-10-14 30976]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2013-1-12 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2013-1-12 12672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2013-4-9 16640]
.
=============== Created Last 30 ================
.
2013-05-20 09:56:05 -------- d--h--w- c:\windows\PIF
2013-05-18 21:58:07 5888 ------w- c:\windows\system32\drivers\imagedrv.sys
2013-05-18 21:58:07 127488 ------w- c:\windows\system32\drivers\imagesrv.sys
2013-05-18 21:57:52 476320 ------w- c:\windows\system32\ImagXpr7.dll
2013-05-18 21:57:52 471040 ------w- c:\windows\system32\ImagXRA7.dll
2013-05-18 21:57:52 364544 ------w- c:\windows\system32\TwnLib4.dll
2013-05-18 21:57:52 262144 ------w- c:\windows\system32\ImagXR7.dll
2013-05-18 21:57:52 1568768 ------w- c:\windows\system32\ImagX7.dll
2013-05-18 21:57:52 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2013-05-18 21:57:49 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2013-05-18 09:03:47 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-05-15 21:01:30 -------- d-----w- c:\program files\BBC iPlayer Desktop
2013-05-15 20:17:56 -------- d-----w- c:\documents and settings\richard\application data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2013-05-12 08:26:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-05-12 08:26:45 -------- d-----w- c:\windows\system32\wbem\Repository
2013-05-11 15:37:40 -------- d-----w- c:\documents and settings\richard\local settings\application data\Wondershare
2013-05-11 15:37:38 -------- d-----w- c:\program files\common files\Wondershare
2013-05-11 10:37:28 209472 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-05-09 17:37:07 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2013-05-09 17:14:22 -------- d-----w- c:\documents and settings\richard\local settings\application data\Nero
2013-05-09 16:53:28 -------- d-----w- c:\documents and settings\all users\application data\Nero
2013-05-06 17:11:47 -------- d-----w- C:\CruzerLock2_setup
2013-05-06 10:35:46 -------- d-----w- c:\documents and settings\richard\local settings\application data\PC_Drivers_Headquarters
2013-05-06 09:56:15 -------- d-----w- C:\My Files
2013-05-06 08:57:32 -------- d-----w- c:\documents and settings\richard\application data\SanDisk SecureAccess
2013-05-06 08:44:31 1208320 ----a-w- c:\windows\system32\PTxSCP.ocx
2013-05-06 08:44:30 389120 ----a-w- c:\windows\system32\actskn43.ocx
2013-05-05 13:43:54 -------- d-----w- c:\documents and settings\richard\application data\AVG
2013-05-05 13:42:55 -------- d-----w- c:\documents and settings\all users\application data\AVG
2013-05-05 13:42:42 -------- d-sh--w- c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-05-05 11:59:23 -------- d-----w- c:\documents and settings\all users\application data\ErrorEND
2013-05-03 19:02:58 -------- d-----w- c:\documents and settings\richard\application data\DriverCure
2013-05-03 19:02:57 -------- d-----w- c:\documents and settings\richard\application data\SpeedMaxPc
2013-05-03 19:02:40 -------- d-----w- c:\program files\common files\SpeedMaxPc
2013-05-03 19:02:39 -------- d-----w- c:\program files\SpeedMaxPc
2013-05-03 19:02:39 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2013-05-02 18:45:10 -------- d-----w- c:\documents and settings\richard\My Vaults
2013-05-02 16:55:05 -------- d-----w- c:\documents and settings\richard\application data\SanDisk
2013-05-02 16:53:47 -------- d-----w- c:\documents and settings\all users\application data\ClubSanDisk
2013-04-30 20:59:06 172032 ----a-w- c:\windows\system32\igfxres.dll
2013-04-30 20:20:09 -------- d-----w- c:\program files\Defraggler
2013-04-30 00:28:50 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-04-29 11:21:45 -------- d-----w- c:\documents and settings\richard\application data\Glarysoft
2013-04-28 13:33:34 -------- d-----w- c:\windows\pss
2013-04-26 10:41:29 2888384 ----a-w- c:\windows\system32\pwNative.exe
2013-04-26 10:41:28 15576 ------w- c:\windows\system32\pwdrvio.sys
2013-04-26 10:41:27 10200 ------w- c:\windows\system32\pwdspio.sys
2013-04-26 10:04:59 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-04-24 08:30:58 -------- d-----w- C:\boot
2013-04-22 20:13:44 -------- d-----w- c:\program files\DivX
2013-04-22 18:35:43 237088 ------w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
2013-05-21 11:05:27 23552 ----a-w- c:\windows\xlkfs.dll
2013-05-19 13:02:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-19 13:02:16 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 16:11:54 13432 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2013-04-16 16:11:26 16504 ----a-w- c:\windows\system32\drivers\pssnap.sys
2013-04-16 16:11:14 55416 ----a-w- c:\windows\system32\drivers\psmounterex.sys
2013-04-05 10:49:20 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-04-05 10:49:20 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-04-04 13:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 19:49:01 4608 ----a-w- c:\windows\system32\bbchlp.dll
2013-03-29 19:49:01 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2013-03-29 19:49:01 30720 ----a-w- c:\windows\system32\bbcap.dll
2013-03-29 01:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-23 01:09:28 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-21 02:08:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-01 10:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
============ FINISH: 21:26:55.89 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2012 12:43:31 PM
System Uptime: 5/21/2013 7:04:39 PM (2 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz | N/A | 2394/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 29.725 GiB free.
D: is FIXED (NTFS) - 406 GiB total, 98.976 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (NTFS) - 931 GiB total, 273.981 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Sony Visual Communication Camera VGP-VCC7
Device ID: USB\VID_05CA&PID_183A\5&28FE086C&0&2
Manufacturer: Ricoh
Name: Sony Visual Communication Camera VGP-VCC7
PNP Device ID: USB\VID_05CA&PID_183A\5&28FE086C&0&2
Service: 5U870UVC
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Alps Pointing-device for VAIO
Device ID: ACPI\SNY9001\4&2FFE84EA&0
Manufacturer: Alps Electric
Name: Alps Pointing-device for VAIO
PNP Device ID: ACPI\SNY9001\4&2FFE84EA&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP760: 5/6/2013 8:36:55 PM - Automatic Restore Point
RP761: 5/7/2013 1:16:18 AM - Automatic Restore Point
RP762: 5/7/2013 9:57:55 AM - Automatic Restore Point
RP763: 5/7/2013 11:58:40 AM - Automatic Restore Point
RP764: 5/7/2013 3:15:24 PM - Automatic Restore Point
RP765: 5/7/2013 7:21:15 PM - Automatic Restore Point
RP766: 5/8/2013 6:53:47 AM - Automatic Restore Point
RP767: 5/8/2013 8:40:01 AM - Automatic Restore Point
RP768: 5/8/2013 3:04:30 PM - Automatic Restore Point
RP769: 5/8/2013 5:57:53 PM - Automatic Restore Point
RP770: 5/9/2013 8:00:32 AM - Automatic Restore Point
RP771: 5/9/2013 9:58:53 AM - Automatic Restore Point
RP772: 5/9/2013 3:13:24 PM - Automatic Restore Point
RP773: 5/9/2013 5:44:20 PM - Automatic Restore Point
RP774: 5/9/2013 5:51:01 PM - Installed DirectX
RP775: 5/9/2013 5:53:16 PM - Installed Nero 8 Essentials
RP776: 5/9/2013 6:04:17 PM - Automatic Restore Point
RP777: 5/9/2013 6:07:39 PM - Automatic Restore Point
RP778: 5/9/2013 6:33:48 PM - Revo Uninstaller's restore point - Nero 8 Essentials
RP779: 5/9/2013 6:36:01 PM - Removed Nero 8 Essentials
RP780: 5/9/2013 6:42:22 PM - Automatic Restore Point
RP781: 5/9/2013 6:42:52 PM - Installed Rapport
RP782: 5/9/2013 6:58:06 PM - Automatic Restore Point
RP783: 5/10/2013 4:08:48 AM - Automatic Restore Point
RP784: 5/10/2013 4:13:04 AM - Automatic Restore Point
RP785: 5/10/2013 8:48:13 AM - Automatic Restore Point
RP786: 5/10/2013 11:12:42 AM - Automatic Restore Point
RP787: 5/10/2013 1:25:36 PM - Automatic Restore Point
RP788: 5/10/2013 7:15:39 PM - Automatic Restore Point
RP789: 5/11/2013 12:18:18 AM - Automatic Restore Point
RP790: 5/11/2013 1:38:27 AM - Automatic Restore Point
RP791: 5/11/2013 1:43:52 AM - Automatic Restore Point
RP792: 5/11/2013 2:13:15 AM - Automatic Restore Point
RP793: 5/11/2013 2:22:12 AM - Automatic Restore Point
RP794: 5/11/2013 7:21:07 AM - Automatic Restore Point
RP795: 5/11/2013 7:35:47 AM - Installed Nero 8 Essentials
RP796: 5/11/2013 7:50:52 AM - Automatic Restore Point
RP797: 5/11/2013 10:04:44 AM - Revo Uninstaller's restore point - Nero 8 Essentials
RP798: 5/11/2013 10:06:37 AM - Removed Nero 8 Essentials
RP799: 5/11/2013 11:39:58 AM - Automatic Restore Point
RP800: 5/11/2013 2:22:37 PM - Automatic Restore Point
RP801: 5/11/2013 4:42:08 PM - Revo Uninstaller's restore point - Wondershare Streaming Audio Recorder(Build 2.1.0.0)
RP802: 5/11/2013 5:00:54 PM - Automatic Restore Point
RP803: 5/11/2013 9:52:30 PM - Automatic Restore Point
RP804: 5/12/2013 7:24:28 AM - Automatic Restore Point
RP805: 5/12/2013 8:41:10 AM - Automatic Restore Point
RP806: 5/12/2013 8:46:18 AM - Restore Operation
RP807: 5/12/2013 8:52:42 AM - Automatic Restore Point
RP808: 5/12/2013 9:00:53 AM - Restore Operation
RP809: 5/12/2013 9:02:30 AM - Automatic Restore Point
RP810: 5/12/2013 9:06:32 AM - Restore Operation
RP811: 5/12/2013 9:08:02 AM - Automatic Restore Point
RP812: 5/12/2013 9:12:46 AM - Restore Operation
RP813: 5/12/2013 9:32:01 AM - Automatic Restore Point
RP814: 5/12/2013 10:02:28 AM - Automatic Restore Point
RP815: 5/12/2013 12:37:51 PM - Automatic Restore Point
RP816: 5/12/2013 2:00:13 PM - Automatic Restore Point
RP817: 5/12/2013 4:23:47 PM - Automatic Restore Point
RP818: 5/12/2013 9:25:59 PM - Automatic Restore Point
RP819: 5/13/2013 2:27:17 AM - Automatic Restore Point
RP820: 5/13/2013 6:35:55 AM - Automatic Restore Point
RP821: 5/13/2013 11:29:16 AM - Automatic Restore Point
RP822: 5/13/2013 8:13:18 PM - Automatic Restore Point
RP823: 5/14/2013 1:30:49 AM - Automatic Restore Point
RP824: 5/14/2013 4:19:20 AM - Automatic Restore Point
RP825: 5/14/2013 6:53:53 AM - Automatic Restore Point
RP826: 5/14/2013 10:57:29 AM - Automatic Restore Point
RP827: 5/14/2013 1:48:45 PM - Automatic Restore Point
RP828: 5/14/2013 7:33:38 PM - Automatic Restore Point
RP829: 5/15/2013 3:46:04 AM - Automatic Restore Point
RP830: 5/15/2013 7:24:44 AM - Automatic Restore Point
RP831: 5/15/2013 9:12:10 AM - Automatic Restore Point
RP832: 5/15/2013 10:20:59 AM - Automatic Restore Point
RP833: 5/15/2013 1:23:21 PM - Automatic Restore Point
RP834: 5/15/2013 5:37:43 PM - Automatic Restore Point
RP835: 5/15/2013 8:32:48 PM - Automatic Restore Point
RP836: 5/15/2013 8:38:34 PM - Automatic Restore Point
RP837: 5/15/2013 8:56:35 PM - Removed BBC iPlayer Desktop
RP838: 5/15/2013 9:12:22 PM - Removed BBC iPlayer Desktop
RP839: 5/15/2013 9:16:03 PM - Automatic Restore Point
RP840: 5/16/2013 2:52:02 AM - Automatic Restore Point
RP841: 5/16/2013 4:09:51 AM - Revo Uninstaller's restore point - Any Video Converter 5.0.5
RP842: 5/16/2013 6:47:36 AM - Automatic Restore Point
RP843: 5/16/2013 6:50:48 AM - Automatic Restore Point
RP844: 5/16/2013 9:26:15 AM - Automatic Restore Point
RP845: 5/16/2013 9:39:30 AM - Installed WD SmartWare
RP846: 5/16/2013 10:05:15 AM - Removed WD SmartWare
RP847: 5/16/2013 10:11:44 AM - Automatic Restore Point
RP848: 5/16/2013 2:24:18 PM - Automatic Restore Point
RP849: 5/16/2013 6:34:35 PM - Automatic Restore Point
RP850: 5/16/2013 8:41:29 PM - Automatic Restore Point
RP851: 5/16/2013 9:06:21 PM - Automatic Restore Point
RP852: 5/17/2013 8:29:00 AM - Automatic Restore Point
RP853: 5/17/2013 8:33:12 AM - Automatic Restore Point
RP854: 5/17/2013 2:15:44 PM - Automatic Restore Point
RP855: 5/17/2013 6:05:16 PM - Automatic Restore Point
RP856: 5/17/2013 8:23:12 PM - Automatic Restore Point
RP857: 5/17/2013 8:51:00 PM - Automatic Restore Point
RP858: 5/17/2013 8:58:40 PM - Automatic Restore Point
RP859: 5/17/2013 10:19:02 PM - Automatic Restore Point
RP860: 5/18/2013 2:13:57 AM - Automatic Restore Point
RP861: 5/18/2013 7:32:53 AM - Automatic Restore Point
RP862: 5/18/2013 7:45:48 AM - Automatic Restore Point
RP863: 5/18/2013 3:54:49 PM - Automatic Restore Point
RP864: 5/18/2013 9:25:19 PM - Automatic Restore Point
RP865: 5/18/2013 9:33:14 PM - Automatic Restore Point
RP866: 5/18/2013 10:13:15 PM - Revo Uninstaller's restore point - Nero 6 Ultra Edition
RP867: 5/18/2013 10:18:02 PM - Automatic Restore Point
RP868: 5/18/2013 10:27:14 PM - Software Distribution Service 3.0
RP869: 5/18/2013 10:31:33 PM - Automatic Restore Point
RP870: 5/18/2013 10:38:59 PM - Automatic Restore Point
RP871: 5/18/2013 10:53:55 PM - Automatic Restore Point
RP872: 5/18/2013 11:24:37 PM - Automatic Restore Point
RP873: 5/19/2013 1:15:21 AM - Automatic Restore Point
RP874: 5/19/2013 4:05:02 AM - Automatic Restore Point
RP875: 5/19/2013 5:16:08 AM - Automatic Restore Point
RP876: 5/19/2013 8:42:46 AM - Automatic Restore Point
RP877: 5/19/2013 9:57:54 AM - Automatic Restore Point
RP878: 5/19/2013 1:59:27 PM - Automatic Restore Point
RP879: 5/19/2013 4:43:13 PM - Automatic Restore Point
RP880: 5/19/2013 8:17:28 PM - Automatic Restore Point
RP881: 5/19/2013 8:21:42 PM - Automatic Restore Point
RP882: 5/20/2013 12:12:33 AM - Automatic Restore Point
RP883: 5/20/2013 8:38:06 AM - Automatic Restore Point
RP884: 5/20/2013 11:26:27 AM - Automatic Restore Point
RP885: 5/20/2013 10:07:56 PM - Automatic Restore Point
RP886: 5/21/2013 2:09:32 AM - Automatic Restore Point
RP887: 5/21/2013 9:01:09 AM - Automatic Restore Point
RP888: 5/21/2013 7:06:45 PM - Automatic Restore Point
.
==== Installed Programs ======================
.
Qmax Webcam Driver
ABBYY FineReader 6.0 Sprint
Acronis True Image WD*Edition
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Any Video Converter 3.5.8
AVG 2013
AxCrypt 1.7.2976.0
Battery Care Function
BB FlashBack Express
BBC iPlayer Desktop
Bluetooth Stack for Windows by Toshiba
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner
Defraggler
DivX Setup
Easy File Locker 1.3
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
EPSON Web-To-Page
Eraser 5.82
FastStone Capture 5.3
HDDProtection
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Infineon TPM Professional Package
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Junk Mail filter update
Macrium Reflect Free Edition
Magitime
Malwarebytes Anti-Malware version 1.75.0.1300
mCore
mDriver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
mMHouse
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mProSafe
MSIcon
MSVCRT
MSXML 6.0 Parser
mWlsSafe
Nero 6 Ultra Edition
neroxml
Protector Suite QL 5.6
Rapport
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Recuva
Revo Uninstaller 1.94
SanDiskSecureAccess_Manager.exe
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
SES Driver
Setting Utility Series
SigmaTel Audio
Skype� 6.3
SmartCamera Ver 2.1
Soft Data Fax Modem with SmartCP
Sony Utilities DLL
SonyImgF
SPAMfighter
SpeedTouch 330
Spell Checker For OE 2.1
Startup Cop
SUPERAntiSpyware
swMSM
tools-windows
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
USB File Transfer 02.106A
USB File Transfer 1.11A
USB PC Camera (SN9C103)
VAIO Control Center
VAIO Event Service
VAIO HDD Protection
VAIO Power Management
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
VMware Player
VMwarePlayer_x86
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
WinZip
Wireless Switch Setting Utility
Xvid Video Codec
Yahoo! Messenger
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
5/21/2013 9:12:35 PM, error: PlugPlayManager [12] - The device 'SpeedTouch Ethernet Adapter' (STBUS\STETHID\7&3b4bc5a3&0&0000) disappeared from the system without first being prepared for removal.
5/21/2013 7:05:13 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/20/2013 9:20:13 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/20/2013 8:50:11 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/20/2013 8:35:10 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/18/2013 7:45:05 AM, error: Service Control Manager [7000] - The SupportSoft RemoteAssist service failed to start due to the following error: The system cannot find the file specified.
5/17/2013 2:14:50 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
5/15/2013 8:31:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 001CBF5D04A5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Win32/Sirefef.gen!C Please help

shaunwkc — Sat, 18 May 2013 13:08:05 GMT

Good day,

I picked up this error this morning and came across this site. Please may you be of assistance. I have followed the rules and done all as suggested. The logs are below as requested.

Thank you in advance.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.18.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Ian James :: SHAUNPEARCE-PC [administrator]

Protection: Enabled

18/05/2013 04:27:45 PM
mbam-log-2013-05-18 (16-27-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276966
Time elapsed: 13 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\Bcool\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.

(end)
-----------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.21.2
Run by Ian James at 16:54:24 on 2013-05-18
Microsoft Windows 7 Professional 6.1.7601.1.1252.27.1033.18.3062.1614 [GMT 4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\firebird\firebird_2_1\bin\fbguard.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\Hola\app\hola_updater.exe
C:\Windows\system32\klpnm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MPICH2\bin\smpd.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\SoundPLAN 7.2\SPUpdateService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\firebird\firebird_2_1\bin\fbserver.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\LG OSD\HotKey.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Users\Ian James\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Ian James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
uDefault_Page_URL = http://www.google.com/ig/redirectdom...LGEL&bmod=LGEL
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} -
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.3.1.22\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.3.1.22\coieplg.dll
EB: : {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 -
EB: : {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 -
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [Google Update] "c:\users\ian james\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [SkyDrive] "c:\users\ian james\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [zOSD] c:\program files\lg software\lg osd\HotKey.exe
mRun: [KeybdUtility] c:\program files\lg software\lg osd\HotKey.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [LG Magnifier] c:\program files\lg software\lg magnifier\MagnifyingGlass.exe
mRun: [LGSR_Menu] "c:\program files\lg software\lg smart recovery\muitransfer\muistartmenu.exe" "c:\program files\lg software\lg smart recovery" updatewithcreateonce software\cyberlink\PowerRecover
mRun: [LG Intelligent Update] "c:\program files\lg_swupdate\giljabistart.exe" Gilautouc
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [FreePDF Assistant] c:\program files\freepdf_xp\fpassist.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Yahoo Messenger]
StartupFolder: c:\users\ianjam~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\password.lnk - c:\windows\temp\Password.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoDrives = dword:16777216
uPolicies-Explorer: NoViewOnDrive = dword:16777216
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: mswsock.dll
TCP: NameServer = 213.42.20.20 195.229.241.222
TCP: Interfaces\{2297E5B5-E00F-404E-9B79-6AC09BBBC7AB} : DHCPNameServer = 213.42.20.20 195.229.241.222
TCP: Interfaces\{2297E5B5-E00F-404E-9B79-6AC09BBBC7AB}\241425 : DHCPNameServer = 41.66.150.82 168.210.2.2
TCP: Interfaces\{2297E5B5-E00F-404E-9B79-6AC09BBBC7AB}\25943484142544 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2297E5B5-E00F-404E-9B79-6AC09BBBC7AB}\34C4149425 : DHCPNameServer = 213.42.20.20 195.229.241.222
TCP: Interfaces\{2297E5B5-E00F-404E-9B79-6AC09BBBC7AB}\75B434 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2297E5B5-E00F-404E-9B79-6AC09BBBC7AB}\84167656D65696765627D275962756C6563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2297E5B5-E00F-404E-9B79-6AC09BBBC7AB}\A41697E214E6E69656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6215427E-E3AB-4AA3-A1C3-79FC4AE4FAF8} : NameServer = 127.0.0.1
TCP: Interfaces\{6B76ED32-C9D9-4A44-9CC1-7FB7BD16BBC7} : DHCPNameServer = 197.84.84.84 196.28.75.200
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - c:\users\ian james\microsoft office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ian james\appdata\roaming\mozilla\firefox\profiles\axt9qb5g.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\1.122.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\2.1.2\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ian james\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\ian james\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\users\ian james\appdata\local\microsoft\internet explorer\downloaded program files\microsoft office 15\npofficeondemand.dll
FF - ExtSQL: 2013-04-20 08:40; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-4-30 102448]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1403010.016\symds.sys [2013-4-16 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1403010.016\symefa.sys [2013-4-16 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20130502.001\BHDrvx86.sys [2013-5-8 1000024]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1403010.016\ccsetx86.sys [2013-4-16 134304]
R1 hola-drv;Hola Driver;c:\windows\system32\drivers\hola_drv.sys [2013-2-18 465216]
R1 hola-mon-drv;Hola Monitor Driver;c:\windows\system32\drivers\hola_mon_drv.sys [2013-2-18 71360]
R1 hola_net;Hola Fast Internet Adapter;c:\windows\system32\drivers\hola_net.sys [2013-2-18 72688]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20130517.001\IDSvix86.sys [2013-5-18 386720]
R1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_51755.sys [2013-3-30 317112]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-4-30 103120]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-4-30 174320]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1403010.016\ironx86.sys [2013-4-16 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1403010.016\symnets.sys [2013-4-16 338592]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbguard.exe [2009-7-22 81920]
R2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 hola_updater;Hola Internet Acceleration Updater;c:\program files\hola\app\hola_updater.exe [2013-2-18 4279408]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-1-21 13336]
R2 instdt;dtchk service;c:\windows\system32\klpnm.exe [2012-4-24 20480]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-18 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-18 701512]
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files\mpich2\bin\smpd.exe [2009-11-18 458752]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.3.1.22\ccsvchst.exe [2013-4-16 144520]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-4-30 1124632]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2009-9-17 369952]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-4-15 3289208]
R2 SPUpdService;SoundPLAN UpdateService;c:\program files\soundplan 7.2\SPUpdateService.exe [2012-12-14 530432]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-2-21 3560800]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-1-18 577536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-11-5 106656]
R3 FirebirdServerDefaultInstance;Firebird Super Server 2.1.3 - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe [2009-7-22 2736128]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-1-21 58368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-18 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 hola_svc;Hola Internet Acceleration Service;c:\program files\hola\app\hola_svc.exe [2013-2-18 4593728]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-10-15 136192]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-6-18 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [2008-5-13 100096]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-11-15 279592]
S3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2011-6-26 1347584]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-12 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-2-20 14848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-21 171520]
S3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2011-9-6 5632]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-1 1009184]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-2-20 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-30 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-6-5 81704]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .scr: ext1.File="c:\program files\lakes\screen view\Screen_View.exe" "%1"
.
=============== Created Last 30 ================
.
2013-05-18 12:24:48 -------- d-----w- c:\users\ian james\appdata\roaming\Malwarebytes
2013-05-18 12:24:33 -------- d-----w- c:\programdata\Malwarebytes
2013-05-18 12:24:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-18 12:24:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-18 06:06:31 -------- d-----w- c:\program files\x264 Video Codec
2013-05-15 12:05:08 -------- d-----w- c:\users\ian james\appdata\local\Temporary Projects
2013-05-15 11:46:39 -------- d-----w- c:\users\ian james\appdata\roaming\com.johnwu.ora.7C6CA62034ECEF7F45C524416D6FEE987A4E8AAB.1
2013-05-15 11:46:33 -------- d-----w- c:\program files\Ora Time and Expense
2013-05-15 11:31:05 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-05-15 11:30:57 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-05-15 11:30:00 -------- d-----w- c:\windows\system32\RsFx
2013-05-15 11:28:44 -------- d-----w- c:\windows\system32\1033
2013-05-15 11:25:01 -------- d-----w- c:\program files\Microsoft SQL Server
2013-05-15 11:24:53 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-05-15 11:24:06 188128 ----a-w- c:\programdata\microsoft\vcsexpress\10.0\1033\ResourceCache.dll
2013-05-15 11:21:58 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2013-05-15 11:21:58 -------- d-----w- c:\program files\Microsoft Help Viewer
2013-05-14 11:26:44 -------- d-----w- c:\program files\Time & Expense Sheet Manager V4.1
2013-05-11 10:37:28 209472 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-09 12:52:44 -------- d-----w- c:\users\ian james\appdata\local\{2932E683-2E14-42AB-8AD4-56741D509516}
2013-05-06 13:20:17 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-05-06 13:20:17 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2013-05-06 13:20:16 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2013-05-06 10:21:57 -------- d-----w- c:\program files\dumps
2013-05-06 10:20:39 -------- d-----w- c:\program files\common files\Steam
2013-05-06 10:20:28 -------- d-----w- c:\program files\Steam
2013-05-06 04:41:50 -------- d-----w- c:\users\ian james\appdata\roaming\inkscape
2013-05-06 04:31:05 -------- d-----w- c:\program files\Inkscape
2013-05-05 06:25:43 -------- d-----w- c:\users\ian james\appdata\roaming\Softland
2013-05-05 06:25:34 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-05-05 06:25:30 -------- d-----w- c:\users\ian james\appdata\local\PDF Annotator
2013-05-01 05:55:11 -------- d-----w- c:\programdata\Intergraph CAS
2013-05-01 05:55:11 -------- d-----w- c:\program files\Intergraph CAS
2013-05-01 05:55:11 -------- d-----w- c:\program files\common files\Autodesk Shared
2013-05-01 05:55:11 -------- d-----w- c:\program files\common files\Alias
2013-04-30 07:07:44 -------- d-----w- c:\users\ian james\appdata\roaming\Kyocera
2013-04-29 21:28:50 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-04-25 08:05:45 -------- d-----w- C:\J3035 SEP
2013-04-25 06:05:50 -------- d-----w- c:\program files\Any PDF to DWG Converter
2013-04-25 05:11:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-24 09:27:08 -------- d-----w- c:\program files\Citrix
2013-04-24 09:26:50 -------- d-----w- c:\users\ian james\appdata\local\Citrix
.
==================== Find3M ====================
.
2013-05-07 09:50:19 71360 ----a-w- c:\windows\system32\drivers\hola_mon_drv.sys
2013-05-07 09:50:19 465216 ----a-w- c:\windows\system32\drivers\hola_drv.sys
2013-03-24 07:27:31 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-20 06:55:52 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-20 06:55:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-15 08:52:10 608136 ----a-w- c:\windows\system32\drivers\hardlock.sys
2013-03-15 08:52:10 53192 ----a-w- c:\windows\system32\drivers\akshhl.sys
2013-03-15 08:52:10 46536 ----a-w- c:\windows\system32\aksusb4.dll
2013-03-15 08:52:10 4466120 ----a-w- c:\windows\system32\hasplms.exe
2013-03-15 08:52:10 4466120 ----a-w- c:\windows\system32\aksllmtp.exe
2013-03-15 08:52:10 43976 ----a-w- c:\windows\system32\akshhl30.dll
2013-03-15 08:52:10 376200 ----a-w- c:\windows\system32\drivers\aksfridge.sys
2013-03-15 08:52:10 295944 ----a-w- c:\windows\system32\drivers\aksusb.sys
2013-03-15 08:52:10 244040 ----a-w- c:\windows\system32\drivers\akshasp.sys
2013-03-15 08:52:10 17992 ----a-w- c:\windows\system32\drivers\aksclass.sys
2013-03-15 08:52:10 15816 ----a-w- c:\windows\system32\akshsp52.dll
2013-03-13 07:31:40 2269184 ----a-w- c:\windows\system32\WindRose1.dll
2013-03-07 11:55:28 507904 ----a-r- c:\windows\system32\btwapi.dll
2013-02-19 18:24:22 72688 ----a-w- c:\windows\system32\drivers\hola_net.sys
2013-02-19 10:41:36 1447892 ----a-w- c:\windows\system32\WindRose2.dll
2013-02-18 05:22:18 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-02-18 05:22:18 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2013-02-18 05:22:18 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
.
============= FINISH: 16:55:11.84 ===============
---------------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 29/07/2010 01:49:28 PM
System Uptime: 18/05/2013 04:44:54 PM (0 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU | 1994/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 148 GiB total, 12.342 GiB free.
D: is FIXED (NTFS) - 139 GiB total, 109.707 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: HP LaserJet Professional M1217nfw MFP
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: HP LaserJet Professional M1217nfw MFP
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP401: 18/05/2013 10:37:07 AM - Removed Network Recording Player
RP402: 18/05/2013 11:44:36 AM - Norton 360 Registry Clean
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
ALTools Update
ALZip 8.51
Any DWG DXF Converter 2013
Any PDF to DWG Converter 2013
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Battlelog Web Plugins
BitTorrent
BlackBerry Desktop Software 7.1
bpd_scan
bpd_scan_Carrier
BREEZE 3D Analyst
BREEZE AERMOD-ISC
CAESAR II 2011-Demo
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink YouCam
D-Link AirPlus Xtreme G AP Manager for DWL-2100AP
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dishonored
Dropbox
ESN Sonar
Extended Asian Language font pack for Adobe Reader XI
EzManual
Feedback Tool
Google Chrome
Google Earth
Google Update Helper
GPL Ghostscript 8.71
Greenshot
Hola� 1.1.26 - Better Internet
HP Update
hppLaserJetService
hppM1130M1210SeriesLaserJetService
hppusgM1130M1210Series
Inkscape 0.48.4
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Java 7 Update 21
Java Auto Updater
Junk Mail filter update
Kyocera Product Library
Kyocera TWAIN Driver
Lakes Environmental AERMOD View V.7.6.1
Lakes Environmental Screen View V.3.0.0
LG Intelligent Update
LG Magnifier
LG OSD
LG Smart Care
LG Smart Indicator
LG Smart Recovery
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Live Add-in 1.3
Microsoft Office on Demand Browser Add-ons
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
MozBackup 1.5.1
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.6 (x86 en-GB)
MPICH2
MSI Afterburner 2.3.1
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
MySQL Server 5.5
Nitro PDF Professional
Nitro PDF Professional 6.2
Norton 360
Norton Internet Security
NVIDIA 3D Vision Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Display Control Panel
NVIDIA Graphics Driver 285.62
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.5.20
NVIDIA Update Components
Ora Time and Expense
QuickTime
Rapport
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Driver
RedMon - Redirection Port Monitor
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Service Pack 1 for SQL Server 2008 (KB968369)
Skype Click to Call
Skype� 6.3
SolidWorks eDrawings 2012
SoundPLAN 7.2 (remove only)
Sql Server Customer Experience Improvement Program
Steam
Striata Reader
swMSM
Synaptics Pointing Device Driver
Tanks409d
TeamSpeak 3 Client
TeamViewer 8
Time & Expense Sheet Manager V4.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.6
Vodafone Mobile Connect Lite
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WindRose ver.4.15-6.08
WinDust Pro
WinRAR 4.20 (32-bit)
WinZip 14.5
Yahoo! Detect
.

[RESOLVED] UPDATECHECKER.EXE

gypsy63 — Tue, 14 May 2013 14:48:27 GMT

Using:
Windows 7 Premium--64 bit
SuperAntiSpyware--Professional
Malwarebites--free
Avast--free

For the last 2 mornings every time I turn on my computer, SuperAntiSpyware always tells me I have a Trojan. It listed as: SYSWOW64\C2\UPDATECHECKER.EXE

I have checked this file with all my other security ware and none of them seem to think anything is wrong with this file. The only reason I have hesitated about doing anything with this file is because I suspect it has something to do with C-Net's TechTracker. I have use TechTracker for years with no problems. It keeps track of all the software I download from C-Net and lets me know whenever they are out of date and needs to be updated--also provides me with the ability to download the updates right from the TechTracker. I have used C-Net for over 10 years to download most of my programs and have never received any thing nasty from them--considered a safe site to download from. Once a long time ago C-net warned that when you downloaded something from their site that your security ware would tell you that their downloader was a virus/Trojan but that it was not. So it was only after I updated some of my software, using TechTracker, that I started getting a notice from SuperAntiSpyware that I had a Trojan. So do you know if this really is a Trojan, or if it probably has something to do with the TechTracker, and thus, would not really be harmful?
Thanks,
Sheila

[RESOLVED] Internet Security Virus

merle211 — Sat, 11 May 2013 03:41:23 GMT

A virus keeps popping up called Internet Security that performs a fake scan.

Here are the scans:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.06.01

Windows 7 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Clare :: CLARE-PC [administrator]

5/9/2013 11:01:50 AM
mbam-log-2013-05-09 (11-01-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241327
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Trojan.FakeAV) -> Data: C:\ProgramData\amsecure.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\conhost.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\ProgramData\amsecure.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.

(end)

[RESOLVED] Help with MixDJ and search.conduit

kanstar — Wed, 08 May 2013 21:57:19 GMT

I downloaded these as add-ons by mistake. Not sure if they are the same or separate malware.

Running a malwarebytes scan now and will post the log.

Any help is appreciated. Thank you.

[RESOLVED] System Care AV Virus?

JLS — Mon, 06 May 2013 16:12:11 GMT

I was surfing a website and all of a sudden my firefox browser closed and a program called system care antivirus began scanning my system and it was finding a number of files. I never installed this system care AV on my system but when I went to start/all prgrams, the program was listed in there. I can't even access some of my files. I couldn't run my av that I had installed on my computer which was microsoft security essentials or my Malwarebytes. I even tried unistalling microsoft SE using revo uninstaller and it gave me an error message when I first attempted to uninstall it. I couldn't access many of my files. I tried doing a system restore and it wouldn't open that either. What I did before posting here was I went into safe mode and tried to do a system restore from there and then it coculdn't restore it and asked to try again after rebooting back into windows. I tried again and then system restore was successful. This system care AV is not showing up in the list under start/all programs anymore since I was finally able to do a system restore successfully. But, I still can't access some programs.

I had to install Avast since microsoft security essentials won't open and run on my computer. I tried to reinstall microsoft SE but it said there already is a version on my computer. After I ran Avast AV, it found a good number of files which I quarantined after the scan. When I tried to run malwarebytes which was already on my system as well, it won't open that program either and it asked me to reinstall the program which I did so I could run it. Below is the logs of malwarebytes and DDS runs.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.05.06.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dave :: DAVE-835A839979 [administrator]

5/6/2013 11:30:36 AM
mbam-log-2013-05-06 (11-30-36).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238473
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\RECYCLER\S-1-5-18\$2f7a1e352a1def77d5e33ef0c48bef8e\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Dave at 11:53:06 on 2013-05-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2109 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\WINDOWS\StartupMonitor.exe
C:\Documents and Settings\Dave\Local Settings\Apps\F.lux\flux.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Tracker Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Tracker Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Tracker Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [MonitorES] e:\saved files before backup and reformat\downloads programs\MonitorES_Lite.exe
uRun: [F.lux] "c:\documents and settings\dave\local settings\apps\f.lux\flux.exe" /noshow
mRun: [Run StartupMonitor] StartupMonitor.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358593450468
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1358616107265
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2BBD3C98-3D2B-402E-88F1-062F42B8286F} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dave\application data\mozilla\firefox\profiles\nvlxhlns.default\
FF - prefs.js: browser.startup.homepage - hxxp://slickdeals.net/forums/forumdisplay.php?f=9|http://www.fatwallet.com/forums/hot-...upondeals.com/
FF - plugin: c:\docume~1\dave\applic~1\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-05-05 13:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-05-06 11:09; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-6 174664]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 195296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-6 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-6 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-6 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-6 46808]
R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2013-1-18 68136]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2013-1-19 12184]
R2 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2004-2-11 200771]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-11-26 1225312]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-11-26 659040]
R3 jakndisMP;jakndisMP;c:\windows\system32\drivers\jakndis.sys [2013-1-21 30016]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-2 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-2 12184]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-5-6 40776]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-6 49376]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-6 765736]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 jakndis;Jaksta Service;c:\windows\system32\drivers\jakndis.sys [2013-1-21 30016]
.
=============== Created Last 30 ================
.
2013-05-06 15:43:35 54016 ----a-w- c:\windows\system32\drivers\chfgfd.sys
2013-05-06 15:09:18 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-06 15:09:18 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-06 15:09:17 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-06 15:09:16 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-06 15:08:54 41664 ----a-w- c:\windows\avastSS.scr
2013-05-06 15:08:40 -------- d-----w- c:\program files\AVAST Software
2013-05-06 15:07:24 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-05-06 14:03:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-05-06 13:43:33 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-05-06 13:43:32 -------- d-----w- c:\windows\system32\wbem\Repository
2013-05-06 12:06:14 -------- d-----w- c:\documents and settings\all users\application data\105FA8A4779130F00000105F984A3647
2013-05-05 17:17:29 -------- d-----w- c:\program files\MSXML 4.0
2013-05-05 17:09:55 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-05-05 15:49:24 -------- d-----w- c:\windows\system32\XPSViewer
2013-05-05 15:49:05 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-05-05 15:48:55 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-05-05 15:48:55 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-05-05 15:48:55 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-05-05 15:48:55 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-05-05 15:48:55 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-05-05 15:48:55 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-05-05 15:48:55 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-05-05 15:48:55 117760 ------w- c:\windows\system32\prntvpt.dll
2013-05-05 02:57:15 6906960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{56c65cb1-863d-4b72-84f8-592386c76709}\mpengine.dll
2013-05-04 02:57:27 6906960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M ====================
.
2013-05-06 14:58:28 17488 ----a-w- c:\windows\gdrv.sys
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-03-18 19:56:28 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-18 19:56:27 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 10:20:53 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 10:20:52 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-10 10:20:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-10 10:20:52 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-14 07:30:19 465280 ----a-r- c:\windows\system32\cpnprt2win32.cid
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 11:53:18.64 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/18/2013 7:32:38 PM
System Uptime: 5/6/2013 10:57:45 AM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3P
Processor: Intel Pentium III Xeon processor | Socket 775 | 2999/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 80.322 GiB free.
D: is FIXED (NTFS) - 195 GiB total, 194.838 GiB free.
E: is FIXED (NTFS) - 639 GiB total, 637.601 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP152: 5/5/2013 2:02:24 PM - Software Distribution Service 3.0
RP153: 5/6/2013 9:06:49 AM - Restore Operation
RP154: 5/6/2013 9:08:08 AM - Restore Operation
RP155: 5/6/2013 9:22:42 AM - Revo Uninstaller's restore point - Microsoft Security Essentials
RP156: 5/6/2013 9:23:22 AM - Revo Uninstaller's restore point - Microsoft Security Essentials
RP157: 5/6/2013 9:23:34 AM - Revo Uninstaller's restore point - Microsoft Security Essentials
RP158: 5/6/2013 9:23:43 AM - Revo Uninstaller's restore point - Microsoft Security Essentials
RP159: 5/6/2013 9:25:04 AM - Before Microsoft Security Essentials Revo Uninstall
RP160: 5/6/2013 9:25:50 AM - Revo Uninstaller's restore point - Microsoft Security Essentials
RP161: 5/6/2013 9:25:59 AM - Revo Uninstaller's restore point - Microsoft Security Essentials
RP162: 5/6/2013 9:41:44 AM - Restore Operation
RP163: 5/6/2013 11:08:40 AM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Problem Report Wizard
avast! Free Antivirus
Belarc Advisor 8.3
BufferChm
CaptureWizPro 4.50
Catalina Savings Printer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Coupon Printer for Windows
Daum PotPlayer 1.5.29795
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceManagementQFolder
Dropbox
Energy Saver Advance B9.0316.1
eReg
eSupportQFolder
F.lux
FileHippo.com Update Checker
Free Mp3 Wma Converter V 2.2
Gigabyte Raid Configurer
Google Chrome
Google Drive
Google Earth
Google Update Helper
H&R Block Deluxe + Efile + State 2012
H&R Block Pennsylvania 2012
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Imaging Device Functions 7.0
HP Scanjet G4000 series 8.0
HP Solution Center 7.0
hpG4000
hpg4000QFolder
HPProductAssistant
ImgBurn
Jaksta Streaming Media Recorder (4.4.3)
Java 7 Update 17
Java Auto Updater
Learn2 Player (Uninstall Only)
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote 2003
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 14
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 20.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
PanoStandAlone
PDF-Viewer
PerfectDisk
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Replay Telecorder for Skype 1.3.0.12
Revo Uninstaller 1.94
Scan
ScannerCopy
Secunia PSI (3.0.0.6001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype� 6.3
SolutionCenter
StartupMonitor
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
Viewpoint Media Player
VuePrint
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
.
==== Event Viewer Messages From Past Week ========
.
5/6/2013 9:12:40 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2013 8:38:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/6/2013 8:27:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/6/2013 8:27:01 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/6/2013 8:27:01 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/6/2013 8:27:01 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/6/2013 8:27:01 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/6/2013 8:26:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/6/2013 8:26:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/6/2013 8:26:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/6/2013 8:22:07 AM, error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).
5/6/2013 8:22:07 AM, error: Service Control Manager [7034] - The PDEngine service terminated unexpectedly. It has done this 2 time(s).
5/6/2013 8:22:07 AM, error: Service Control Manager [7034] - The PDEngine service terminated unexpectedly. It has done this 1 time(s).
5/6/2013 8:22:07 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
5/6/2013 8:20:58 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/6/2013 8:20:58 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Secunia Update Agent service to connect.
5/6/2013 8:20:58 AM, error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/6/2013 8:12:16 AM, error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).
5/6/2013 8:05:15 AM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The file can not be accessed by the system.
5/2/2013 10:44:53 PM, error: Service Control Manager [7034] - The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s).
5/2/2013 10:44:53 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
5/2/2013 10:44:53 PM, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
5/2/2013 10:44:53 PM, error: Service Control Manager [7034] - The PDScheduler service terminated unexpectedly. It has done this 1 time(s).
5/2/2013 10:44:53 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/2/2013 10:44:53 PM, error: Service Control Manager [7034] - The GEST Service for program management. service terminated unexpectedly. It has done this 1 time(s).
5/2/2013 10:44:53 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
5/2/2013 10:44:53 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
5/2/2013 10:44:53 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/30/2013 6:00:21 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
4/30/2013 6:00:21 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL. Reference error message: The operation completed successfully. .
4/30/2013 6:00:21 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================

[Inactive] can't open home page, foxnews

townpump1 — Mon, 06 May 2013 15:55:10 GMT

I can't open with home page, Foxnews. I keep getting a page like http:start.sweetpacks.com. I think it is part of Microsoft.

Google tells me Sirefef.gen!c

Obsession — Tue, 30 Apr 2013 11:46:28 GMT

Hey, How are ya

Google chrome just told me i have sirefef.gen!c and refuses certain sites.. funny enough AVG antivirus doesnt tell me anything.
After some quick google searching it seems to be hard to remove and people keep referring(or reposting the same article) to removing it manually and then provide a guide that doesnt add up.

Im hoping to get some help with this.

ive read this http://discussions.virtualdr.com/sho...d-4-28-2013%29

So im gonna proceed and download the malware and the dds tool and report back in the evening and post the logs.
I also read a topic with a simmilar virus however i cant verify if i should jsut do what he did so i decided to open up a new topic and get advice from people who do know.

Some quick questions, can it steal my hotmail password and can it get my paypal password out of my cache or something like that? do i need to be worried about my paypal account?
im afraid to login because it might steal my password.

thanks for the help so far.

[Inactive] Unknown Problem

Judaeus Apella — Tue, 30 Apr 2013 03:44:10 GMT

I've been noticing for a while that my computer just doesn't feel right. Something went wrong with Firefox and everything was loading really slow and it was like it was constantly thinking in the background. So I uninstalled EVERYTHING having to do with Firefox. Every temp and cookie file, anything related to it. Scanned with Adaware and Malwarebytes, then reinstalled. Its working fabulous now, but something's still not right. I tried playing Dead Frontier, and I am having constant loading and connection problems. They swear they're not having any problems with the servers, and a "Security Error" where the game disconnects from the server is always on the user's side. That's what they told me. I've also noticed my machine isn't as fast as it used to be. I've seen other people complaining about this, but most people have no problems at all. This is what an admin said:

Quote:

Randomly not responding to the keyboard is usually graphic lag resulting in input lag(browser can cause those issues also, which can be caused by not enough CPU/RAM available).

Security errors are usually caused by connection "issues" from the player to the server, as in data packets are being lost/super slow to arrive to the server or in some cases having Cheat Engine installed on your computer.

Like I said, I searched it with several programs. I only found a few of the usually minor things you get from typical web browsing, but nothing major. And that's whats worrying me. If there is something on my PC, its sneaky and that probably means its bad news. Can anyone help me figure out what's on my PC and help me find it... if its there? Please?

[RESOLVED] WIN XP "Issues"

Ron Rockwell — Mon, 29 Apr 2013 22:18:28 GMT

My friends WIN XP is suffering from severe slowness issues. I have ran MBAM and DDS and have copied here in an attempt to get some of the very helpful people at VirtualDr to take a look.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.29.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jim Salvo :: LAPTOP [administrator]

Protection: Enabled

4/29/2013 4:23:50 PM
mbam-log-2013-04-29 (16-23-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243355
Time elapsed: 32 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jim Salvo at 16:59:13 on 2013-04-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.377 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Common Files\Search Protection\spHost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uProxyOverride = ;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Search Protection Class: {DEE1F01A-E6A8-4740-B420-3C521F234F74} - c:\program files\common files\search protection\sp.dll
uURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
dURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: BrowserHelper Class: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Search Protection Class: {DEE1F01A-E6A8-4740-B420-3C521F234F74} - c:\program files\common files\search protection\sp.dll
BHO: {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [bacstray] BacsTray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 -
IE: {B1C5B118-8240-47a6-AE84-103B05FB5AEF} - c:\program files\common files\search protection\spControl.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{BB9D49DE-6BB7-4D85-A707-12A362451B13} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{BB9D49DE-6BB7-4D85-A707-12A362451B13} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim salvo\application data\mozilla\firefox\profiles\7whe40qw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=adknowledgeaol-ff&s_qt=sb&tb_uuid=20130420124627796&tb_oid=20-04-2013&tb_mrud=22-04-2013
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://my.screenname.aol.com/_cqr/login/login.psp?mcState=initialized&seamless=novl&sitedomain=sns.webmail.aol.com&lang=en&locale=us&authLev=2&siteState=ver%3a1%252c0%26ld%3awebmail.aol.com%26pv%3aAOL%26lc%3aen-us
FF - component: c:\documents and settings\jim salvo\application data\mozilla\firefox\profiles\7whe40qw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\jim salvo\application data\mozilla\firefox\profiles\7whe40qw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\jim salvo\application data\mozilla\firefox\profiles\7whe40qw.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-04-20 18:13; addon@defaulttab.com; c:\documents and settings\jim salvo\application data\mozilla\firefox\profiles\7whe40qw.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 1969-12-31 18:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\jim salvo\application data\mozilla\firefox\profiles\7whe40qw.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - ExtSQL: !HIDDEN! 2008-07-07 18:20; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2008-12-01 21:23; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2009-09-01 17:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 195296]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-22 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-22 701512]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-4-29 1369624]
R2 SPHost;SPHost;c:\program files\common files\search protection\spHost.exe [2009-6-24 107816]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-12-15 265624]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2011-12-16 246688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-22 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-4-29 1103392]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-4-29 168384]
S2 WDFMEService;WDFME;c:\program files\western digital\wd smartware\WDFME.exe [2011-12-15 1591176]
S2 WDRulesService;WDRules;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-12-15 1091992]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-4-11 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WINWORD.EXE="c:\program files\microsoft office\office\WINWORD.EXE" /n [UserChoice] [default=edit - 'Open' doesn't exist]
FileExt: .ini: Applications\POWERPNT.EXE="c:\program files\microsoft office\office\POWERPNT.EXE" /s "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-29 20:41:30 388096 ----a-r- c:\documents and settings\jim salvo\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-04-29 20:40:31 -------- d-----w- c:\program files\Trend Micro
2013-04-29 18:15:23 6906960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cce27a9e-cb27-4fbc-bf68-6481a60b7222}\mpengine.dll
2013-04-29 16:02:54 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-04-29 16:02:08 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-04-29 16:01:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-04-29 14:04:29 6906960 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-04-28 03:56:30 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-04-23 00:36:33 -------- d-----w- c:\documents and settings\jim salvo\application data\Malwarebytes
2013-04-23 00:36:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-04-23 00:35:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-23 00:35:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-21 02:05:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-04-21 02:05:36 -------- d-----w- c:\windows\system32\wbem\Repository
2013-04-21 02:03:05 -------- d-----w- c:\program files\Aerial Apparatus Driver Operator Study Guide
2013-04-21 02:03:03 -------- d-----w- c:\program files\common files\Software Update Utility
2013-04-20 16:52:56 -------- d-----w- c:\program files\DefaultTab
2013-04-20 16:52:27 -------- d-----w- c:\documents and settings\jim salvo\application data\DefaultTab
2013-04-20 16:51:03 -------- d-----w- c:\program files\MyPC Backup
.
==================== Find3M ====================
.
2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 18:40:08 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 18:40:08 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 18:40:00 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
.
============= FINISH: 17:01:29.69 ===============

[Inactive] slow

fred scuttle — Mon, 29 Apr 2013 18:59:53 GMT

Hi can I have my log's checked please as my notebook is running slow and hesitating when I click to open program's or web pages and also freezing.Samsung RF511 Notebook intel core I5-2450m cpu@2.50 Ghz,8.0GB Ram,Intel HD Graphics,MS Win 7 Home Premium
64bit SP1.14MB SKY Broadband. Thank's

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.29.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Christine :: CHRISTINE-PC [administrator]

29/04/2013 19:35:38
mbam-log-2013-04-29 (19-35-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240134
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16/02/2012 16:51:31
System Uptime: 29/04/2013 16:24:31 (3 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RF511/RF411/RF711
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 502 GiB total, 388.691 GiB free.
D: is FIXED (NTFS) - 409 GiB total, 369.06 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00FD\8&15C4787D&0&6C9B027885E3_C00000000
Manufacturer:
Name:
PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00FD\8&15C4787D&0&6C9B027885E3_C00000000
Service:
.
==== System Restore Points ===================
.
RP216: 05/03/2013 02:20:45 - Windows Update
RP217: 11/03/2013 20:28:42 - Windows Update
RP218: 13/03/2013 15:11:15 - Windows Update
RP219: 17/03/2013 02:23:02 - McAfee Vulnerability Scanner
RP220: 17/03/2013 02:26:38 - Windows Update
RP221: 17/03/2013 02:37:07 - Installed Java 7 Update 17 (64-bit)
RP222: 27/03/2013 19:38:39 - Scheduled Checkpoint
RP223: 11/04/2013 22:11:48 - Windows Update
RP224: 16/04/2013 04:35:08 - McAfee Vulnerability Scanner
RP225: 26/04/2013 18:44:24 - Windows Update
RP226: 29/04/2013 16:27:32 - McAfee Vulnerability Scanner
.
==== Installed Programs ======================
.
?? ??? ?? Windows Live Mesh ActiveX ???
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
???????? ?????????? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
?????????? Windows Live
??????????? ?? Windows Live
ActiveX-kontroll f�r fj�rran****ningar f�r Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Agatha Christie - Death on the Nile
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
ArcSoft PhotoImpression 5
ArcSoft TotalMedia 3
ArcSoft VideoImpression 2
�Windows Live Essentials�
�Windows Live Mail�
�Windows Live Mesh ActiveX� nuotoliniu ry�iu valdiklis
�Windows Live Messenger�
�Windows Live� fotogalerija
BatteryLifeExtender
Bejeweled 2 Deluxe
Belarc Advisor 8.3
Bing Bar
Bonjour
Broadcom 802.11 Network Adapter
Build-a-lot
Call of Duty
Canon Auto Update Service
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
ChargeableUSB
Chuzzle Deluxe
Contr�le ActiveX Windows Live Mesh pour connexions � distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controle ActiveX do Windows Live Mesh para Conex�es Remotas
Controlo ActiveX do Windows Live Mesh para Liga��es Remotas
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
EASEUS Partition Master 9.1.1 Home Edition
Easy Content Share
Easy Display Manager
Easy Migration
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
EPSON Printer Software
EPSON S22 Series Printer Uninstall
ETDWare PS/2-X64 8.0.7.2_WHQL
Farm Frenzy
Fast Start
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galer�a fotogr�fica de Windows Live
Google Earth Plug-in
Google Update Helper
Grand Theft Auto Vice City
iCloud
Insaniquarium Deluxe
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor 2.0
iTunes
Java 7 Update 11
Java 7 Update 17 (64-bit)
John Deere Drive Green
Junk Mail filter update
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Online Backup
McAfee Total Protection
Medal of Honor Allied Assault
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 4.0
Movie Color Enhancer
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
Multimedia POP
Nokia Connectivity Cable Driver
NVIDIA Display Control Panel
NVIDIA Graphics Driver 266.72
NVIDIA Install Application
NVIDIA Optimus 1.0.15
NVIDIA Update Components
Ovl�dac� prvek ActiveX platformy Windows Live Mesh pro vzd�len� pripojen�
Ovl�dac� prvok ActiveX programu Windows Live Mesh pre vzdialen� pripojenia
PC Connectivity Solution
Peggle
Penguins!
PhoneShare
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Po�ta Windows Live
QuickTime
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
S?????? f?t???af??? t?? Windows Live
Safari
Samsung AnyWeb Print
Samsung Printer Live Update
Samsung Recovery Solution 5
Samsung Support Center 1.0
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
SamsungMovie
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shared C Run-time for x64
SISShortcut
Sky Go Desktop
Skype Click to Call
Skype� 6.3
SpywareBlaster 5.0
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?�a???s�??e? s??d?se??
SUPERAntiSpyware
System Requirements Lab for Intel
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
User Guide
Uzak Baglantilar I�in Windows Live Mesh ActiveX Denetimi
WIDCOMM Bluetooth Software
WildTangent Games
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fot�t�r
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogal�ria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vez�rlo t�voli kapcsolatokhoz
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Mesh ActiveX kontrola za daljinske veze
Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
Windows Live Meshin et�yhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Po�ta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Par�alar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennusty�kalu
Windows Liven s�hk�posti
Windows Liven valokuvavalikoima
WordCaptureX Pro
WOT for Internet Explorer
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
29/04/2013 19:15:42, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
29/04/2013 19:15:42, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
29/04/2013 18:07:31, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
29/04/2013 18:07:31, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
29/04/2013 18:07:31, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
29/04/2013 18:07:24, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
29/04/2013 15:15:14, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
29/04/2013 15:15:14, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/04/2013 15:15:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
29/04/2013 15:14:47, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
29/04/2013 15:14:47, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
26/04/2013 19:33:12, Error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
26/04/2013 19:20:57, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
26/04/2013 19:13:49, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Christine-PC\Christine SID (S-1-5-21-1867582200-139094598-4032816429-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
23/04/2013 14:56:45, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
23/04/2013 14:56:43, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on F: cannot be read.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Christine at 19:42:20 on 2013-04-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8103.5625 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\SAMSUNG\SISv3\XeControl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\mfevtps.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\McAPExe.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_169_ActiveX.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
C:\windows\notepad.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{06800801-C2F4-461A-AC24-C6149121E12E} : NameServer = 88.82.13.44
TCP: Interfaces\{6FCCD9FA-0DCF-4AE2-93FB-2541A7BEBD63} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6FCCD9FA-0DCF-4AE2-93FB-2541A7BEBD63}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6FCCD9FA-0DCF-4AE2-93FB-2541A7BEBD63}\34C616368616E60234F64747167656020333 : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck -
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2012-11-9 771096]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2012-11-9 339776]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-9-7 25960]
R1 MOBKFilter;MOBKFilter;C:\windows\System32\drivers\MOBK.sys [2013-2-9 66040]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-9-7 13824]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 140672]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-9 221296]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-4-8 103472]
R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-9 221296]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-9 221296]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-9 221296]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-9 221296]
R2 McPvDrv;McPvDrv Driver;C:\windows\System32\drivers\McPvDrv.sys [2013-4-6 74560]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-2-9 1007288]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-2-9 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2013-2-9 182312]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-8-28 92632]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-7 2655768]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-2-16 348712]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-2-16 39464]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2012-11-9 69672]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-9-7 138024]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-9-7 317440]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-11-9 309400]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2012-11-9 515528]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2012-11-2 328976]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-3 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-3 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-9-7 533096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 epmntdrv;epmntdrv;C:\windows\System32\epmntdrv.sys [2012-5-10 16776]
S3 EuGdiDrv;EuGdiDrv;C:\windows\System32\EuGdiDrv.sys [2012-5-10 9096]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2013-4-6 197264]
S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2012-11-2 97208]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-9-7 166704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-10-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-10-26 30208]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-16 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\windows\SysWow64\CScript.exe "%1" %*
FileExt: .wsf: WSFFile=C:\windows\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-04-29 18:34:01 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-04-29 18:34:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-26 17:48:21 -------- d-----w- C:\Users\Christine\AppData\Local\{34F0C62D-8303-472F-A724-EEBB03534DB0}
2013-04-24 11:16:35 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-23 14:08:13 -------- d-----w- C:\Users\Christine\AppData\Local\{FBFCA0E5-4BA3-4A22-9090-1144E39B7D8B}
2013-04-22 11:02:42 -------- d-----w- C:\Users\Christine\AppData\Local\{DB6E6C06-137E-4FAD-A954-CEBFE58E2DC7}
2013-04-20 13:40:13 -------- d-----w- C:\Users\Christine\AppData\Local\{D70A6203-A948-4E06-B00E-7EBD848958F5}
2013-04-17 20:16:57 -------- d-----w- C:\Users\Christine\AppData\Roaming\ZoomBrowser EX
2013-04-17 20:10:06 -------- d-----w- C:\ProgramData\ZoomBrowser
2013-04-17 20:09:04 -------- d-----w- C:\ProgramData\Canon_Inc_IC
2013-04-17 20:09:01 -------- d-----w- C:\Program Files (x86)\Canon
2013-04-17 20:03:50 -------- d-----w- C:\Program Files (x86)\Common Files\Canon
2013-04-12 20:51:11 -------- d-----w- C:\Users\Christine\AppData\Local\{5836C7FB-BC10-4BE3-A118-6D8E48BCB55E}
2013-04-09 20:51:41 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-04-09 20:51:23 223752 ----a-w- C:\windows\System32\drivers\fvevol.sys
2013-04-09 20:51:16 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-04-09 20:51:14 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-04-09 20:51:14 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-04-09 20:51:13 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-04-09 20:51:13 112640 ----a-w- C:\windows\System32\smss.exe
2013-04-09 20:51:12 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-04-09 20:41:43 -------- d-----w- C:\Users\Christine\AppData\Local\{5CC70AAD-BEF4-4BF4-A908-8BFAC9D41106}
2013-04-07 19:32:15 -------- d-----w- C:\Users\Christine\AppData\Local\{D7F2B93A-00F9-4BEE-B2F6-0026FCF23410}
2013-04-06 01:52:22 74560 ----a-w- C:\windows\System32\drivers\McPvDrv.sys
2013-04-06 01:52:08 197264 ----a-w- C:\windows\System32\drivers\HipShieldK.sys
2013-03-30 19:08:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-30 19:08:53 -------- d-----w- C:\Program Files\iTunes
2013-03-30 19:08:53 -------- d-----w- C:\Program Files\iPod
2013-03-30 19:08:53 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2013-04-29 15:28:05 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-29 15:28:05 691592 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-03-17 02:37:35 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-03-17 02:37:34 963488 ----a-w- C:\windows\System32\deployJava1.dll
2013-03-17 02:37:34 1085344 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-02-21 10:30:16 1766912 ----a-w- C:\windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys
.
============= FINISH: 19:43:05.19 ===============

[Inactive] unwanted mixidj search engine

MurrayWise — Mon, 29 Apr 2013 03:40:25 GMT

I installed some free software and got several unwanted browser add-ons. Some were removable. But mixidj was not. Would you help me remove it? Thanks.

Here are the scan results.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/23/2012 8:56:31 AM
System Uptime: 4/28/2013 10:29:20 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K53Z
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics | P0 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 300 GiB total, 219.011 GiB free.
D: is FIXED (NTFS) - 373 GiB total, 333.14 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP152: 4/7/2013 9:21:59 PM - Windows Update
RP153: 4/11/2013 8:40:41 AM - Windows Update
RP154: 4/14/2013 11:45:39 AM - Windows Update
RP155: 4/18/2013 7:49:25 AM - Windows Update
RP156: 4/22/2013 1:00:35 AM - Windows Update
RP157: 4/24/2013 7:14:59 AM - Windows Update
RP158: 4/24/2013 9:23:25 AM - Installed Rapport
RP159: 4/27/2013 10:41:27 AM - Windows Update
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
1-Click YouTube Downloader 10.1
ActivePerl 5.14.2 Build 1402 (64-bit)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.6)
Amazon Kindle
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Media Foundation Decoders
AMD System Monitor
AMD VISION Engine Control Center
Anki
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArsClip
ASUS AI Recovery
ASUS FaceLogon
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Sonic Focus
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS WebStorage
ASUS_Screensaver
AsusVibe2.0
Atheros Client Installation Program
ATK Package
Audacity 2.0.2
AudibleManager
AutoHotkey 1.0.48.05
AxCrypt 1.7.2867.0
Bing Bar
Bitcoin
Bluetooth Win7 Suite (64)
Bonjour
Camtasia Studio 6
Canon MX320 series MP Drivers
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
Contr�le ActiveX Windows Live Mesh pour connexions � distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Liga��es Remotas
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
Dropbox
DVD Decrypter (Remove Only)
ETDWare PS/2-X64 8.0.5.1_WHQL
EXAKT
Fast Boot
FileBox eXtender
FileZilla Client 3.6.0.2
Freeplane
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galer�a fotogr�fica de Windows Live
Google Chrome
Google Drive
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
GoToMeeting 5.5.0.1133
HTML-Kit 292
ImgBurn
iTunes
Java 7 Update 17
Java Auto Updater
Java(TM) 6 Update 33 (64-bit)
Java(TM) SE Development Kit 6 Update 33 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
Kingsoft Office 2012 (8.1.0.3375)
LAME v3.99.3 (for Windows)
Macro Express 3
magicJack
Malwarebytes Anti-Malware version 1.75.0.1300
Megacubo 10
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MP3 Skype Recorder
MSVCRT
MSVCRT_amd64
MWSnap 3
Nuance PDF Reader
Oracle Database 11g Express Edition
PDFill PDF Editor with FREE Writer and FREE Tools
Rapport
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Search Protect by conduit
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype� 6.1
SPAR PHM 4.0
Spybot - Search & Destroy
Staples Easy Print
Syntext Serna Free 4.4.0
TeamViewer 8
TeleKast version 1.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Virtual Magnifying Glass v3.5
VLC media player 2.0.5
Wajam
WampServer 2.2
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR 4.20 (64-bit)
Wireless Console 3
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/27/2013 6:48:48 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
4/27/2013 6:48:48 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
4/24/2013 8:33:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user LRCM-PC\Murray SID (S-1-5-21-395879043-1767180283-1117684252-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/21/2013 5:52:20 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by Murray at 23:02:33 on 2013-04-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7657.5212 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1133\g2mstart.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1133\g2mcomm.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Murray\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1133\g2mlauncher.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\FileBX\FileBX.exe
C:\Users\Murray\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\FileBX\Fbx32helper.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Murray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Murray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Murray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Murray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Murray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Murray\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3287822&octid=CT3287822&SearchSource=61&CUI=UN77173014416987741&UM=2&UP=SPE88797D9-3B9F-431A-BC22-4717DB99743D
uSearch Bar = hxxp://search.minituner.org/
uSearch Page = hxxp://search.minituner.org/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mSearch Page = hxxp://search.minituner.org/
mDefault_Search_URL = hxxp://search.minituner.org/
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=5c472d85-a6b1-4217-a831-93d147796895&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
uSearchURL,(Default) = hxxp://search.minituner.org/q/%s
mSearchAssistant = hxxp://search.minituner.org/
mCustomizeSearch = hxxp://search.minituner.org/
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: : {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Google Update] "C:\Users\Murray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\1133\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [cdloader] "C:\Users\Murray\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Megacubo] "C:\Program Files (x86)\Megacubo\megacubo.exe" -load:update -type:startup
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
uRun: [SearchProtect] C:\Users\Murray\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRunOnce: [Application Restart #1] C:\Users\Murray\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\Murray\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Murray\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FILEBO~1.LNK - C:\Program Files\FileBX\FileBX.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Megacubo.lnk - C:\Program Files (x86)\Megacubo\megacubo.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{4D3F7226-B4A8-4244-B9C2-236BD6360A5C} : DHCPNameServer = 10.47.44.18 10.47.44.1
TCP: Interfaces\{90B428C4-B95F-4CD9-97CB-074602CE4370} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{90B428C4-B95F-4CD9-97CB-074602CE4370}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{90B428C4-B95F-4CD9-97CB-074602CE4370}\2454C4C4037303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{90B428C4-B95F-4CD9-97CB-074602CE4370}\A607C613 : DHCPNameServer = 10.128.128.128
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\22580~1.182\{16cdf~1\brwmngr.dll
SSODL: WebCheck -
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: : {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 -
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-SSODL: WebCheck -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-1-17 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-1-17 40064]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-3-26 586072]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-2 228600]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-4-2 357272]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-1-17 379520]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-17 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-28 361984]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-4-11 93984]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2012-11-28 23552]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-2 1124184]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-24 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-27 3560288]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-1-17 16768]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-1-17 96896]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-17 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-1-17 214144]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-1-17 231440]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-11-10 138024]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-27 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-17 452200]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-1-17 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-10-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]
S3 OracleXETNSListener;OracleXETNSListener;C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [2011-8-27 512000]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-7-28 236248]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-1-17 250984]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-6-14 109064]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-24 1255736]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown exhuyfpe;exhuyfpe; [x]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\Notepad2.exe="C:\Program Files (x86)\notepad2\Notepad2.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-28 17:33:12 -------- d-----w- C:\Users\Murray\AppData\Local\Deal Spy
2013-04-28 17:31:39 -------- d-----w- C:\MyMusic
2013-04-28 17:31:23 -------- d-----w- C:\Program Files (x86)\1-Click YouTube Downloader
2013-04-28 17:31:10 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-04-28 17:30:56 -------- d-----w- C:\Users\Murray\AppData\Roaming\SearchProtect
2013-04-28 13:29:57 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E74855B8-C9DF-40DC-9060-AB890629074A}\mpengine.dll
2013-04-27 14:42:10 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-24 11:27:28 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4836E450-50AE-48B1-BF6F-3AF6E7CD20CE}\gapaengine.dll
2013-04-23 20:25:39 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-19 15:55:45 -------- d-----w- C:\Users\Murray\TeleKast
2013-04-19 15:55:42 -------- d-----w- C:\Users\Murray\AppData\Roaming\Lightscape
2013-04-19 15:55:42 -------- d-----w- C:\Users\Murray\AppData\Local\Lightscape
2013-04-19 15:55:31 -------- d-----w- C:\Program Files (x86)\TeleKast
2013-04-10 12:02:47 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-10 12:02:46 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-10 12:02:44 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-10 12:02:44 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-10 12:02:44 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-10 12:02:44 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-10 12:02:32 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 12:00:51 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 12:00:46 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 12:00:44 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 12:00:44 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 12:00:43 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 12:00:43 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 12:00:42 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
.
==================== Find3M ====================
.
2013-04-29 02:32:03 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2013-04-24 13:27:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-24 13:27:26 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-11 14:22:56 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-02 17:16:10 236248 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-06 20:58:38 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 20:58:32 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-06 20:58:32 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-22 14:36:37 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 23:03:25.82 ===============

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Murray :: LRCM-PC [administrator]

Protection: Enabled

8/27/2012 8:59:18 PM
mbam-log-2012-08-27 (20-59-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196503
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Data: I Want This -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Murray\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

[Inactive] Fbi virus

kspeel — Sun, 28 Apr 2013 11:40:40 GMT

Have a dell dimension 4700 that boots to the fbi virus. I try to go to safe mode but get a blue screen technical error. It is just an older computer. I there any other way to remove this without going to safe mode?