
lharrison616


  1. OK all seems well now. Thank you very much and I also appreciate your patience with me as I was only able to reply in the late evening due to work. I have installed WOT and will add the spyware software you suggested. I have had no other problems at all. I will also be careful about who uses the computer.
  2. I also noticed that an icon that said free games on the desktop was no longer usable. That was installed by a friend and I kind of figured it was malware or adware.
  3. It had several lines like the ones I copied, and "Deleted Successfully" was the last thing in the box (looked like a DOS box). After I pressed a key it just deleted the fix.bat file.
  4. I did complete the scan. No IE crashes so far.

     C:Program Files (x86)Dell DataSafe Local Backuphstart.exe a variant of Win32/HiddenStart.A application
     C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdatehstart.exe a variant of Win32/HiddenStart.A application
     C:UsersJamesAppDataLocalLowGamingWonderlandEIInstallrCache0061C62D.exe a variant of Win32/Toolbar.MyWebSearch.O application
     C:UsersJamesAppDataLocalLowMindDabble_4pEIInstallrCache00233256.exe a variant of Win32/Toolbar.MyWebSearch.O application

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.07.19.02

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16635
     James :: JAMES-PC [administrator]

     7/18/2013 10:34:31 PM
     mbam-log-2013-07-18 (22-34-31).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 216091
     Time elapsed: 5 minute(s), 10 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  5. OK I get the duh award today. I started ESET and after running for 20 minutes I realized that I forgot to disable my virus scanner. Do I need to rerun the scan with it disabled?
  6. No IE crashes since I mentioned it. Here are the logs.

     # AdwCleaner v2.305 - Logfile created 07/17/2013 at 23:01:21
     # Updated 11/07/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : James - JAMES-PC
     # Boot Mode : Normal
     # Running from : C:UsersJamesDesktopadwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     Folder Deleted : C:ProgramDataAVG Secure Search

     ***** [Registry] *****

     ***** [internet Browsers] *****

     - Internet Explorer v10.0.9200.16635

     [OK] Registry is clean.

     - Google Chrome v28.0.1500.72

     File : C:UsersJamesAppDataLocalGoogleChromeUser DataDefaultPreferences

     Deleted [l.25] : keyword = "isearch.avg.com",

     *************************

     AdwCleaner[R1].txt - [14258 octets] - [15/07/2013 19:06:11]
     AdwCleaner[R2].txt - [1202 octets] - [17/07/2013 22:58:34]
     AdwCleaner[s1].txt - [13932 octets] - [15/07/2013 19:12:05]
     AdwCleaner[s2].txt - [1101 octets] - [17/07/2013 23:01:21]

     ########## EOF - C:AdwCleaner[s2].txt - [1161 octets] ##########

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 5.1.6 (07.17.2013:4)
     OS: Windows 7 Home Premium x64
     Ran by James on Wed 07/17/2013 at 23:08:03.84
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwaretheseaapp
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosofttracingapnstub_rasapi32
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosofttracingapnstub_rasmancs
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosofttracingaskpartnercobrandingtool_rasapi32
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosofttracingaskpartnercobrandingtool_rasmancs
     Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{38bc6857-67fa-4358-afae-28e0f9ad2128}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{950AF0F1-B122-468F-A4C5-D758AF36BF5D}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{38bc6857-67fa-4358-afae-28e0f9ad2128}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}

     ~~~ Files

     Successfully deleted: [File] C:Program Files (x86)4pres.dll

     ~~~ Folders

     Successfully deleted: [Folder] "C:UsersJamesappdatalocalvisi_coupon"

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Wed 07/17/2013 at 23:15:44.85
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. After the scan the computer restarted and when I clicked on internet explorer it said it was unavailable or had been moved and asked me if I wanted to remove the icon. I restarted the computer and it works now. This has happened in the past few days also. A restart seems to fix it.
  8. Completed the scan. Would you rather me attach the txt files or copy and paste them into the post? aswMBR.txt MBR.zip
  9. I removed my web search from this laptop but I have had a few browser crashes since then. I have uploaded attach, dds, attach.txt dds.txt
  10. ESET did not give me the option to list found threats or export them. It said it found no threats. MBAM seems to work fine alongside Kaspersky, I usually disable Kaspersky when I run it though. Here are the other two logs.
  11. I have not noted any other errors, popups or anything.
  12. For the past week or so Yahoo mail has been sending mass emails with an advertising link. I suspect it may be my Motorola Smartphone but want to make sure my PC is clean. Dell Inspiron 620 64 bit Windows 7 with 6 gigs of RAM
Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing) O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common 
Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE O4 - HKCU\..\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - 
Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11718 bytes
  13. Thank you very much. I appreciate the time you invested to help me out. Everything seems to be zipping right along and a lot better. One more question. What free antivirus do you recommend?
  14. ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6425 # api_version=3.0.2 # EOSSerial=8d6e7df687c3ed4a96cd9de91974e696 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-03-26 11:28:22 # local_time=2011-03-26 06:28:22 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 14491442 14491442 0 0 # compatibility_mode=1024 16777215 100 0 12404410 12404410 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=450085 # found=8 # cleaned=8 # scan_time=35940 C:\Documents and Settings\LD Harrison\Application Data\Sun\Java\Deployment\cache\6.0\26\78482bda-7b30ab6b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\LD Harrison\My Documents\Software and instalation files\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\LD Harrison\My Documents\Software and instalation files\Drivers for usb to serial cable\CH341SER.EXE probably a variant of Win32/Agent.BQHRDXF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C F:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\268fb64-25807394 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C F:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\37\330b3de5-392ba355 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C F:\Program Files\Gamevance\gvun.exe Win32/Adware.Gamevance.AE application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\I386\Apps\APP16726\src\SpyInstall_HPPre.exe probably a variant of Win32/Agent.HVEUCPZ trojan (deleted - 
quarantined) 00000000000000000000000000000000 C G:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP704\A0119108.exe probably a variant of Win32/Agent.HVEUCPZ trojan (deleted - quarantined) 00000000000000000000000000000000 C Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6179 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 3/26/2011 11:22:02 PM mbam-log-2011-03-26 (23-22-02).txt Scan type: Quick scan Objects scanned: 151915 Time elapsed: 11 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  15. ComboFix 11-03-24.06 - LD Harrison 03/25/2011 17:49:47.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.557 [GMT -5:00] Running from: c:\documents and settings\LD Harrison\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\LD Harrison\g2mdlhlpx.exe c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2} c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome.manifest c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome\content\_cfg.js c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome\content\c.js c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\chrome\content\overlay.xul c:\documents and settings\LD Harrison\Local Settings\Application Data\{F51FAA22-2B9D-4CC9-BDD6-28B6BB290FA2}\install.rdf c:\netzeroinstaller\NetZeroInstaller.exe c:\windows\system32\midas.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll G:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))) . . 2011-03-25 04:27 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-03-25 04:27 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-03-25 04:27 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-03-25 04:27 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-03-25 04:27 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-03-25 04:27 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-03-25 04:27 . 
2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-03-25 04:27 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll 2011-03-11 03:08 . 2011-03-11 03:09 -------- d-----w- c:\program files\Hanso Recorder 2011-03-11 00:19 . 2011-03-11 00:19 -------- d-----w- c:\program files\PX 2011-03-11 00:13 . 2011-03-11 00:13 -------- d-----w- c:\program files\PuXing 2011-03-09 03:42 . 2011-03-09 03:42 -------- d-----w- c:\documents and settings\LD Harrison\Application Data\Weathersoft 2011-03-09 03:40 . 2011-03-09 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Weathersoft 2011-03-09 03:40 . 2011-03-09 03:40 -------- d-----w- c:\program files\Weathersoft 2011-03-07 04:20 . 2011-03-07 04:20 -------- d-----w- c:\documents and settings\LD Harrison\Application Data\Thunderbird 2011-03-04 02:04 . 2011-03-19 15:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2011-03-04 02:04 . 2011-03-04 02:04 -------- d-----w- c:\program files\FTB7900 2011-03-04 02:04 . 2009-02-06 16:41 143360 ----a-w- c:\windows\system32\scom60.OCX 2011-03-04 02:04 . 2009-02-06 16:40 106496 ----a-w- c:\windows\system32\Protocol.dll 2011-03-04 02:04 . 2009-02-06 16:40 114688 ----a-w- c:\windows\system32\supercom.dll 2011-03-04 02:04 . 2004-04-29 20:23 311296 ----a-w- c:\windows\system32\c1sizer.ocx 2011-03-04 02:04 . 2002-12-02 15:03 447760 ----a-w- c:\windows\system32\Vsflex7L.ocx 2011-02-27 22:57 . 2011-02-27 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-02-26 15:28 . 2011-03-12 23:30 -------- d-----w- c:\documents and settings\LD Harrison\fldigi.files 2011-02-26 15:28 . 2011-02-26 15:28 -------- d-----w- c:\documents and settings\LD Harrison\NBEMS.files 2011-02-26 15:28 . 2011-02-26 15:28 -------- d-----w- c:\program files\Fldigi-3.21.3 . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-09 13:53 . 2005-03-02 23:44 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2005-03-02 23:44 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-03 03:40 . 2011-01-11 05:16 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-03 01:19 . 2008-07-16 19:59 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58 . 2005-03-03 00:54 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2005-03-03 00:54 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2005-03-02 23:44 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2005-03-02 23:44 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2005-03-02 23:44 1854976 ----a-w- c:\windows\system32\win32k.sys 1998-04-30 20:56 . 2006-06-15 00:01 129024 ----a-w- c:\program files\UNWISE.EXE 2011-03-18 17:53 . 2011-03-25 04:27 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-02 1953792] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LTMSG"="LTMSG.exe 7" [X] "3c1807pd"="c:\windows\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd" [X] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952] "CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248] "AlcWzrd"="ALCWZRD.EXE" [2004-11-29 2748928] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648] "VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-01-22 184320] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528] "GPSTrackingUnit"="c:\program files\Beacon GPS Tracking Unit\MonitorSupa.exe" [2007-12-11 36864] "VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-07-30 870240] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "PATHPILOT"="c:\program files\Hanso Recorder\Hanso Recorder.lnk" [2011-03-11 682] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] . c:\documents and settings\LD Harrison\Start Menu\Programs\Startup\ HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2002-8-9 299008] Logitech . 
Product Registration.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-25 113664] Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2007-12-25 270336] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248] Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-12-25 106496] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\LD Harrison\\Desktop\\emulators\\nes\\nesticleo42\\NESTCL95.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\K1RFD\\EchoLink\\EchoLink.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\LD Harrison\\My Documents\\emulators\\nes\\nesticleo42\\NESTCL95.EXE"= "c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 "22576:TCP"= 22576:TCP:BitComet 22576 TCP "22576:UDP"= 22576:UDP:BitComet 22576 UDP . R1 Myscope;Myscope;c:\program files\U.S. 
Robotics\U.S. Robotics Internet Call Notification\W2k\myscope.sys [4/20/2008 3:39 PM 82920] R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [3/1/2007 7:08 PM 70016] R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [1/7/2010 5:21 PM 91392] R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [11/9/2010 10:40 PM 2011944] S2 gupdate1c8ff664d35f32c;Google Update Service (gupdate1c8ff664d35f32c);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2008 1:06 AM 133104] S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [9/28/2007 8:25 PM 37488] S3 DoradoPC;Conexant VGA Camera;c:\windows\system32\drivers\drdvid40.sys [1/22/2007 12:05 AM 106816] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [11/16/2006 6:46 PM 19034] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [1/9/2010 12:49 AM 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [1/6/2009 9:27 PM 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [1/9/2010 12:49 AM 23936] S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [2/5/2008 8:51 PM 51200] S3 Usrserft;Myscope Upper Filter Driver;c:\program files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\usrserft.sys [4/20/2008 3:39 PM 65592] S3 w89c940;Winbond W89C940 PCI Ethernet Adapter Driver;c:\windows\system32\drivers\w940nd.sys [7/6/2008 12:44 PM 16925] . Contents of the 'Scheduled Tasks' folder . 2011-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . 
2011-03-25 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-16 15:28] . 2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-08-16 03:59] . 2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-08-16 03:59] . 2005-10-14 c:\windows\Tasks\Registration reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2005-03-03 00:12] . 2005-10-14 c:\windows\Tasks\Registration reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2005-03-03 00:12] . 2005-10-14 c:\windows\Tasks\Registration reminder 3.job - c:\windows\system32\OOBE\oobebaln.exe [2005-03-03 00:12] . 2011-03-25 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-10-14 22:26] . 2011-03-25 c:\windows\Tasks\User_Feed_Synchronization-{4597B97F-F354-46AB-8D3B-B7B882A3A2F5}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228" IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227" IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm FF - ProfilePath - c:\documents and settings\LD Harrison\Application Data\Mozilla\Firefox\Profiles\6dlh64pv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . AddRemove-DVD Decrypter - c:\program files\DVD Decrypter\uninstall.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-25 18:07 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(824) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(2432) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
------------------------ Other Running Processes ------------------------ . c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\wscntfy.exe c:\program files\TeamViewer\Version5\TeamViewer.exe c:\windows\LTMSG.exe c:\progra~1\AIM\AIMWDI~1.EXE c:\program files\Microsoft ActiveSync\wcescomm.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe c:\windows\system32\HPZipm12.exe c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe c:\program files\Motorola\MotoConnectService\MotoConnect.exe . ************************************************************************** . Completion time: 2011-03-25 18:15:57 - machine was rebooted ComboFix-quarantined-files.txt 2011-03-25 23:15 . Pre-Run: 52,061,257,728 bytes free Post-Run: 62,421,663,744 bytes free . - - End Of File - - DBD651BCD6710B5AD68DA8F8E443D75F