Malware for 6 Days - Nothing is Helping


nadalotta

Click on Computer, go into C:\Program Files ..... look for:

 

Uninstaller: "C:\Program Files\IObit\Surfing Protection\unins000.exe" <--- use the uninstaller

then,

C:\Program Files\IObit <--- delete this folder, empty recycle bin

 

Now, follow my instructions for DDS above.


Hello again Madam,

 

I wasn't sure if I should add this question to the ones above, but I don't know if it's exactly related, so...

 

Somewhere during the process of getting rid of the adware (thank you!), I noticed I have some ghosts on my desktop. All but the last two are from some very old Word 97 docs that were moved forward to my Vista computer when it was being set up. (The first few were from Word 97, which was transferred to my current Word; I have that converter tool so I can read the old docs, which I've used before, but it's never left a ghost of the document.) Here they are {all accessed 21 July 2014 unless otherwise noted, which is incorrect for at least the pain diary}:

 

1. ~SefsEBible...

2. Whoops, when I left clicked on it, it repeated into another ghost.

3. ~SESTIONS FOR ELLE....

4. ~Snal_5_isa...

5. ~SO WEEK PAIN DIAR

6. desktop.ini

7. duplicate of above

8. desktop.ini

9. ~$14 CREDIT CARDS.docx {last accessed 8-15-14}

10. ~S SERIES TO WATCH.docx {last accessed 9-24-14}

 

EDITED TO ADD:

I Googled "Ghosts on Vista desktop" and someone suggested going to Control Panel and unclick this: 'Show hidden files and folders'. I'm hesitating because why would those files suddenly show up when I've always had that box checked? If they appeared due to something in the adware removal process, should I do something else? Thank you!!


EDITED (AGAIN!) OMG, I found it! When I opened the file to see what's in there - wow - Advanced System Care 3, 4, 5, 6, and several others, including Surfing Protection. I'm going to trash this - thanks!!

 

Uh oh, Madam,

 

I saw your reply - thank you! - but it took me a few minutes to find IObit in my Program Files (which was created 11-15). It has 156 MB. However, the only "Uninstall" folder below that is "Uninstall Information", which is blank.

 

I even went to the Control Panel, but there was no IObit.

 

I'm truly sorry, but I don't know how to uninstall this IObit folder in my Program Files.

Edited by nadalotta
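As an added example (not code from this thread, from IObit, or from the DDS tool), here is a small Python parser for the autostart-relevant line shapes in the DDS log posted in the next message; it flags entries that still reference a vendor (here IObit) or whose target DDS could not resolve, which is the check a helper performs on the log before writing the uninstall-and-delete instructions given above. The regexes and the reading of the `<orphaned>`, `[x]` and `[?]` markers are my assumptions about the DDS format, built only from the lines in this thread.

```python
import re
from dataclasses import dataclass, field

# Markers DDS prints in place of a resolved file: the registry or service entry
# still exists, but what it points at could not be found or verified on disk
# (assumption about the DDS format, based on the lines in this thread's log).
MISSING_MARKERS = ("<orphaned>", "<no file>", "<Clsid value has no data>", "[x]", "[?]")


@dataclass
class Entry:
    kind: str                                   # line type, e.g. "mRun", "BHO", "S2", "FF - ExtSQL"
    name: str                                   # display name, service name or CLSID
    target: str                                 # file path / command line as DDS printed it
    flags: list = field(default_factory=list)   # MISSING_MARKERS found in target


# One regex per DDS line shape handled here (shapes taken from this thread's log).
LINE_SHAPES = (
    # uRun/mRun/dRun: [Name] "path" args
    re.compile(r'^(?P<kind>[umd]Run): \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$'),
    # BHO/TB/URLSearchHooks: Name: {CLSID} - path
    re.compile(r'^(?P<kind>BHO|TB|[ud]URLSearchHooks): (?P<name>.*?) - (?P<target>.*)$'),
    # StartupFolder: shortcut.lnk - target
    re.compile(r'^(?P<kind>StartupFolder): (?P<name>\S+) - (?P<target>.*)$'),
    # R0..R3 / S0..S3 / RUnknown: ServiceName;Description;image [date size]
    re.compile(r'^(?P<kind>[RS][0-3]|RUnknown) (?P<name>[^;]*);[^;]*;(?P<target>.*)$'),
    # FF - ExtSQL: [!HIDDEN!] date time; extension-id; install path
    re.compile(r'^(?P<kind>FF - ExtSQL): (?:!HIDDEN! )?[\d-]+ [\d:]+; (?P<name>[^;]*); (?P<target>.*)$'),
)


def parse_dds(text: str) -> list[Entry]:
    """Turn the autostart-relevant lines of a DDS log into Entry records.
    Headers, '.' separators and line shapes not listed above are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for shape in LINE_SHAPES:
            m = shape.match(line)
            if m:
                target = m["target"].strip()
                flags = [mk for mk in MISSING_MARKERS if mk in target]
                entries.append(Entry(m["kind"], m["name"].strip(), target, flags))
                break
    return entries


def find_leftovers(entries: list[Entry], vendor: str) -> list[tuple[Entry, list[str]]]:
    """Return (entry, reasons) for every entry that still references `vendor`
    (case-insensitive, in name or target) or whose target DDS could not resolve."""
    needle = vendor.lower()
    hits = []
    for e in entries:
        reasons = []
        if needle in e.name.lower() or needle in e.target.lower():
            reasons.append(f"still references {vendor}")
        if e.flags:
            reasons.append("target missing: " + ", ".join(e.flags))
        if reasons:
            hits.append((e, reasons))
    return hits


def report(text: str, vendor: str) -> list[str]:
    """One human-readable line per flagged entry."""
    return [f"{e.kind:<16} {e.name}: {'; '.join(reasons)} -> {e.target}"
            for e, reasons in find_leftovers(parse_dds(text), vendor)]


# Constructed sample: a handful of lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
FF - ExtSQL: 2014-10-10 02:30; ascsurfingprotection@iobit.com; c:\users\donna\appdata\roaming\mozilla\firefox\profiles\ilt58l3p.default\extensions\ascsurfingprotection@iobit.com
============= SERVICES / DRIVERS ===============
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-6-21 968504]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\liveupdate.exe --> c:\program files\iobit\liveupdate\LiveUpdate.exe [?]
S2 SessionLauncher;SessionLauncher; [x]
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG, "IObit"):
        print(line)
```

Run against a full DDS log, the report shows the IObit Firefox extension and the dangling LiveUpdateSvc service that the Surfing Protection uninstaller alone may not clear, plus any unrelated orphaned entries worth a look.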

EDITED TO ADD:

I'M NOT QUITE SURE WHAT ALL OF THIS IS - IS IT MY START UP FOLDER? IF SO, NO WONDER IT TAKES SO LONG TO LOG IN!! ALSO, I DON'T THINK I USE BLUETOOTH - WOULDN'T I KNOW IF I WERE? BTW, BOUNCEBACK IS LIKE MOZY. I HAVE NO IDEA WHAT THE SVCHOST ITEMS ARE FOR; WELL, ACTUALLY, I DON'T KNOW WHAT A LOT OF THESE ITEMS ARE FOR. ALSO, I HAVE SECUNIA PSI - IS THIS ALRIGHT? I'M WORRIED BECAUSE I TRUSTED IObit and look what happened? THANK YOU!

P.S. Can I upload the updates - 1 for Java and 4 important for Windows? Thanks!

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16592
Run by Donna at 14:20:35 on 2014-11-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1049 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
C:\Program Files\GlidePoint\glidesvc.exe
C:\Program Files\GlidePoint\glidesvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Brother\Brother Help\BrotherHelp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CuteReminderPro\CuteReminder.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Weather Watcher Live\ww.exe
C:\Users\Donna\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\valecam\SilkQuit\SilkQuit.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\EverNote\EverNote\EvernoteClipper.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080930
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080930
uURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>
dURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CuteReminder] c:\program files\cutereminderpro\CuteReminder.exe
uRun: [Zinio DLM] c:\program files\zinio\ZinioReader.exe /autostart
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\donna\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WeatherWatcherLive] "c:\program files\weather watcher live\ww.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [Amazon Music] "c:\users\donna\appdata\local\amazon music\Amazon Music Helper.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [PMX Daemon] "ICO.EXE"
mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [brMfcWnd] "c:\program files\brother\brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [Corel File Shell Monitor] "c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe"
mRun: [ArcSoft Connection Service] "c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe"
mRun: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [OEM05Mon.exe] c:\windows\OEM05Mon.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [brHelp] c:\program files\brother\brother help\BrotherHelp.exe /AUTORUN
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\users\donna\appdata\roaming\micros~1\windows\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms products\bounceback express\BBStartup.exe
StartupFolder: c:\users\donna\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\donna\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\donna\appdata\roaming\micros~1\windows\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7617\Launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\silkqu~1.lnk - c:\program files\valecam\silkquit\SilkQuit.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Customize Menu - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: Save Forms - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Show RoboForm Toolbar - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A0701D43-60BA-4D71-B3D7-12BFA9D1AC6B} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - LocalServer32 - <no file>
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - <Clsid value has no data>
Handler: sacore - <Clsid value has no data>
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\donna\appdata\roaming\mozilla\firefox\profiles\ilt58l3p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wvculture.org/vrr/va_select.aspx|http://home.ancestry.com/|http://www.yahoo.com/|http://www.amazon.com/|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1379190692&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai|https://login.comcast.net/login?s=portal|https://mail.google.com/mail/u/0/?tab=wm#inbox
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\nitro\reader 3\npdf.dll
FF - plugin: c:\program files\nitro\reader 3\npnitroie.dll
FF - plugin: c:\program files\nitro\reader 3\npnitromozilla.dll
FF - plugin: c:\program files\siber systems\ai roboform\chrome\plugin\np-rf-plugin.dll
FF - plugin: c:\program files\siber systems\ai roboform\chrome\plugin\nprobo1.dll
FF - plugin: c:\users\donna\appdata\local\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\users\donna\appdata\roaming\mozilla\firefox\profiles\ilt58l3p.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1205146.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1209149.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
FF - ExtSQL: 2014-10-10 02:30; ascsurfingprotection@iobit.com; c:\users\donna\appdata\roaming\mozilla\firefox\profiles\ilt58l3p.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: !HIDDEN! 2009-06-26 10:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R1 MpKsl18209966;MpKsl18209966;c:\programdata\microsoft\microsoft antimalware\definition updates\{2553c52f-a19e-47d7-9f1f-42a1d7500f6c}\MpKsl18209966.sys [2014-11-16 39464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-29 95024]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-4 176128]
R2 BBWatcherService;BBWatcherService;c:\program files\cms products\bounceback express\BBWatcherService.exe [2011-10-19 36864]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-7-25 242216]
R2 GlidePoint;GlidePoint Touchpad Client;c:\program files\glidepoint\glidesvc.exe [2007-3-29 176128]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-6-21 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-6-21 968504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 95920]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\nitro\reader 3\NitroPDFReaderDriverService3.exe [2013-5-1 196624]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-6-26 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-6-26 681056]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2014-6-21 78960]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2014-6-21 18800]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2014-6-21 282112]
R3 glideusb;GlidePoint USB Touchpad Filter;c:\windows\system32\drivers\glideusb.sys [2007-2-27 44928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-25 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-21 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-6-21 51928]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-9-29 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-9-29 235616]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-9-29 31616]
RUnknown MpKsl574b8789;MpKsl574b8789; [x]
S2 0140431316723141mcinstcleanup;McAfee Application Installer Cleanup (0140431316723141);c:\windows\temp\014043~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\014043~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 AGCoreService;AG Core Services;"c:\program files\agi\core\4.2\agcoreservice.exe" --> c:\program files\agi\core\4.2\AGCoreService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 gupdate1ca4d334a409610;Google Update Service (gupdate1ca4d334a409610);c:\program files\google\update\GoogleUpdate.exe [2009-10-14 107912]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\liveupdate.exe --> c:\program files\iobit\liveupdate\LiveUpdate.exe [?]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher; [x]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\bcl technologies\easyconverter sdk 3\common\becldr.exe [2013-7-3 225280]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-29 30192]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-9-29 141376]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-9-29 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-9-29 19008]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2014-11-16 10:44:48 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2553c52f-a19e-47d7-9f1f-42a1d7500f6c}\offreg.dll
2014-11-16 10:44:48 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2553c52f-a19e-47d7-9f1f-42a1d7500f6c}\MpKsl18209966.sys
2014-11-16 10:41:42 8901368 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2553c52f-a19e-47d7-9f1f-42a1d7500f6c}\mpengine.dll
2014-11-16 00:55:58 908840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{23f54f54-6c7a-4af7-874f-4372cd6fd7ab}\gapaengine.dll
2014-11-16 00:54:08 8901368 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-11-14 00:53:27 -------- d-----w- c:\programdata\AGI
2014-11-13 23:40:57 -------- d-----w- C:\AdwCleaner
2014-11-13 22:24:22 -------- d-----w- c:\users\donna\appdata\roaming\1H1Q1V1N1N1O1R
2014-11-13 14:28:48 -------- d-----w- c:\program files\common files\IObit
2014-11-13 08:58:32 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 08:58:32 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 08:57:30 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 08:57:30 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 08:57:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 08:57:30 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 08:56:34 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-13 08:56:09 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-13 08:55:52 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 08:55:35 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 08:55:35 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 08:55:35 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 08:55:35 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 08:40:42 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 08:40:11 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 07:13:05 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-06 23:59:54 -------- d-----w- c:\program files\Mozilla Firefox.bak
2014-10-25 18:37:07 -------- d-----w- c:\users\donna\appdata\local\Spoon
.
==================== Find3M ====================
.
2014-11-16 21:12:08 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-13 08:39:24 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-11-13 08:39:21 11776 ----a-w- c:\windows\system32\mshta.exe
2014-11-13 08:39:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-13 08:39:08 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-13 08:39:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-13 08:39:03 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-11-13 08:39:01 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-11-12 00:45:38 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 00:45:38 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-06 07:02:56 1420 --sha-w- c:\windows\system32\KGyGaAvL.sys
2014-10-30 11:24:45 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-01 18:11:20 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 18:11:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 18:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-14 19:22:12 52440 ----a-w- c:\windows\system32\drivers\jwyqrx.sys
2014-09-13 21:31:41 52440 ----a-w- c:\windows\system32\drivers\xapt.sys
2014-09-04 23:27:58 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-09-01 19:51:42 110296 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
.
============= FINISH: 14:21:46.62 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 9/29/2008 4:58:50 PM
System Uptime: 11/16/2014 1:28:19 AM (13 hours ago)
.
Motherboard: Dell Inc. | | 0TP406
Processor: Intel® Core2 Quad CPU Q9550 @ 2.83GHz | CPU | 2826/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 570.455 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 3.759 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 1863 GiB total, 1567.222 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2805: 10/25/2014 12:00:07 AM - Scheduled Checkpoint
RP2806: 10/26/2014 12:46:38 AM - Scheduled Checkpoint
RP2807: 10/26/2014 2:20:25 AM - Windows Update
RP2808: 10/27/2014 3:58:52 PM - Scheduled Checkpoint
RP2809: 10/29/2014 6:02:27 AM - Windows Update
RP2810: 10/30/2014 12:00:11 AM - Scheduled Checkpoint
RP2811: 10/31/2014 12:26:48 AM - Scheduled Checkpoint
RP2812: 11/1/2014 12:16:03 PM - Scheduled Checkpoint
RP2813: 11/1/2014 1:49:48 PM - Windows Update
RP2814: 11/3/2014 10:41:20 PM - Scheduled Checkpoint
RP2815: 11/4/2014 1:00:24 PM - Windows Update
RP2816: 11/5/2014 2:07:37 AM - Scheduled Checkpoint
RP2817: 11/5/2014 3:11:26 PM - Windows Update
RP2818: 11/6/2014 12:02:36 PM - Windows Update
RP2819: 11/9/2014 12:08:44 PM - Removed Driver Support.
RP2820: 11/9/2014 10:26:15 PM - Removed Driver Support.
RP2821: 11/10/2014 9:55:39 PM - Windows Update
RP2822: 11/12/2014 11:12:33 PM - Windows Modules Installer
RP2823: 11/13/2014 12:37:58 AM - Windows Modules Installer
RP2824: 11/14/2014 2:21:30 AM - Scheduled Checkpoint
RP2825: 11/14/2014 2:30:58 AM - Windows Update
RP2826: 11/14/2014 3:15:33 PM - Scheduled Checkpoint
RP2827: 11/16/2014 2:52:38 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3ivx MPEG-4 5.0.1 Decoder (remove only)
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Elements Studio Launcher
Adobe ExtendScript Toolkit 2
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader X (10.1.12)
Adobe Setup
Adobe Shockwave Player 12.0
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced Audio FX Engine
Advanced Video FX Engine
Agenda
AM-DeadLink 4.5
Amazon Kindle
Amazon MP3 Downloader 1.0.17
Amazon Music
Amazon Music Importer
Ancestry Toolbar
Ancestry World Archives Project - Keying Tool
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft TotalMedia HDCam
ATI Catalyst Control Center
ATI Catalyst Install Manager
Audacity 2.0.3
Background Magic
BCL easyConverter SDK 3 (Word Version)
Belarc Advisor 8.1
Bonjour
Book Collector
BounceBack Express
Brother MFL-Pro Suite
Brother MFL-Pro Suite MFC-J650DW
Browser Address Error Redirector
calibre
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
CCC Help Turkish
CCleaner
CCScore
CNET TechTracker
CoffeeCup HTML Editor 2008
Collectorz.com Book Collector
Collectorz.com Movie Collector
Collectorz.com Photo Collector
Comcast Desktop Software (v1.2.1)
Compatibility Pack for the 2007 Office system
Complete Care Consumer Service Agreement
Conexant D850 PCI V.92 Modem
Corel Paint Shop Pro Photo X2
CR2
Cute Reminder Professional Edition 2.6
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center
Dell Webcam Center
Dell Webcam Manager
DHTML Editing Component
Digital Line Detect
DirectXInstallService
Discware Lite
EarthLink Setup Files
EDocs
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
EULAlyzer 2.2
EverNote
Evernote v. 4.6.5
Family Atlas 1.0.5.84
Family Tree Maker 2006
Family Tree Maker 2010
Family Tree Maker 2011
Family Tree Maker 2012
Family Tree Maker 2014
FamilySearch Indexing 3.12.1
FitDay PC version 2.0
Foxit Cloud
Foxit PDF Editor
Foxit PDF IFilter
Foxit Reader
FTMVistaUpdater
GenSmarts
GIMP 2.6.11
GlidePoint® Touchpad Driver 3.3 (Beta)
Google Apps
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Card Games 2007
Hoyle Casino 2007
HTML-Kit
Icon Creator
IconArt
Image Resizer for Windows
ImageSkill Background Remover 3
ImgBurn
Intel® Matrix Storage Manager
Intel® PRO Network Connections 12.1.12.4
IObit Apps Toolbar v9.7
IrfanView (remove only)
iTunes
Java 7 Update 67
Java Auto Updater
Kodak EasyShare software
Legacy 7.5
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft IntelliType Pro 6.2
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Web Publishing Wizard 1.52
Microsoft WSE 3.0
Microsoft WSE 3.0 Runtime
Mobipocket Reader 6.2
Modem Diagnostic Tool
Moffsoft FreeCalc
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
Mouse Suite for Desktop Computers
Movie Collector
Mozilla Firefox 33.1 (x86 en-US)
Mozilla Maintenance Service
MozyHome
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Music Manager
muvee Plugin 1.0
netbrdg
NetWaiting
Nitro Reader 3
OfotoXMI
OGA Notifier 2.0.0048.0
Opera 12.17
Opera Stable 25.0.1614.68
PC Pitstop Optimize2 2.0
PC Tutor™ Learn Windows Vista™ & Office™ Deluxe
Personal Historian 2.0.2.3
QualXServ Service Agreement
Quicken 2010
QuickTime 7
Rhapsody MP3 Download Manager
RoboForm 7-9-8-5 (All Users)
RootsMagic 6.3.3.2
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
SAMSUNG Intelli-studio
Secunia PSI (3.0.0.2004)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SFR
SFR2
SHASTA
SilkQuit v2.60
skin0001
Skins
SKINXSDK
staticcr
Stay Secure
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Weather Watcher Live
Webshots Desktop
WIDCOMM Bluetooth Software 6.0.1.4300
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinZip 12.1
WIRELESS
XPS MiniView Gadget
Yahoo! Software Update
Yahoo! Toolbar
Zinio Reader
Zinio Reader 4
.
==== End Of File ===========================

Edited by nadalotta

Grrrrrrr!

 

I had some time so I ran the HouseCall program. Nothing - yay! Later, I decided to try it again with the advanced scan. It's taking awhile - nothing new - 242 minutes (40 mins) and it's so far found 1 threat. :yikes:

 

Is anything above that is still undone something that will take care of this or is this something new? I've been feeling so confident since recently when I opened Firefox and the page persona was the one I'd always had. The one added by the person/program that added the malware/adware is totally gone so I thought all of the bad stuff on my computer was gone.

 

Thanks!


OK, I found you! BTW, on Housecalls, I'm at 451 minutes (63%) with still the 1 threat.

 

Thanks!

 

EDITED TO ADD: I'M HOPING HOUSECALLS WILL BE AT 100% BY THE TIME I GO ONLINE AGAIN. FINGERS CROSSED!

 

EDITED TO ADD 17 NOV: WELL, SO MUCH FOR THAT - IT'S AT 82% AT 1039 MINUTES WITH 1 THREAT.

 

EDITED TO ADD: WELL, IT'S 11:15AM AND i'M AT 82% AT 1196 MINUTES WITH 1 THREAT. I WONDER IF I'LL EVER GET TO 90%!

Edited by nadalotta

Is this what HouseCall has found? ---> c:\users\donna\appdata\roaming\1H1Q1V1N1N1O1R

 

You have a ton of programs running at startup and in the background! Many of them can be started manually when you need them.

 

I still see IObit Apps Toolbar v9.7 in your installed programs ...also, c:\program files\common files\IObit

Click on the 'gear' icon, top right of your screen, click on "manage add-ons", disable IObit Apps Toolbar v9.7.

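The checks the helper makes by eye in the post above (a leftover IObit item, how many programs start with Windows, a machine-named folder under AppData\Roaming) plus "which restore point predates the infection" can be scripted against the DDS and ComboFix log formats posted in this thread. This is an added example, not code from the thread or from either tool; the watchlist, the looks_generated() heuristic and the 2014-11-13 infection date (the day the IObit folder appeared) are assumptions, and the sample lines are excerpted from this thread's logs.

```python
"""Triage helper for the DDS and ComboFix log formats posted in this thread.

Added example, not code from the thread or from either tool. It automates the
checks the helper made by eye. WATCHLIST, looks_generated() and INFECTION_DATE
are assumptions; every hit is a lead to review, not a verdict.
"""
import re
from datetime import date

WATCHLIST = ("iobit", "spigot")   # assumption: the names the helper called out

# DDS restore-point line, e.g. "RP2821: 11/10/2014 9:55:39 PM - Windows Update"
RP_RE = re.compile(r"^RP(\d+): (\d{1,2})/(\d{1,2})/(\d{4}) [\d:]+ [AP]M - (.+)$")
# ComboFix "Files Created" line: created stamp, '.', modified stamp, size, attrs, path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \S+ \S+\s+(\S+)\s+(\S+)\s+(.+)$")
# ComboFix Run-key entry: "Name"="path" [yyyy-mm-dd size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[\d{4}-\d{2}-\d{2} \d+\]$')
RUN_KEY = re.compile(r"^\[HKEY_.*\\CurrentVersion\\Run\]$", re.IGNORECASE)


def watchlist_hits(names, watchlist=WATCHLIST):
    """Entries (program names or paths) that mention a watchlist term."""
    return [n for n in names if any(w in n.lower() for w in watchlist)]


def looks_generated(name):
    """Constructed heuristic: 8+ characters mixing several digits with several
    same-case letters (e.g. 1H1Q1V1N1N1O1R) reads as machine-generated, while a
    product name such as 'Spoon' or 'IObit' does not."""
    digits = sum(c.isdigit() for c in name)
    letters = [c for c in name if c.isalpha()]
    if len(name) < 8 or digits < 3 or len(letters) < 3:
        return False
    return all(c.isupper() for c in letters) or all(c.islower() for c in letters)


def created_entries(lines):
    """Parse ComboFix 'Files Created' lines into (date, size, attrs, path)."""
    return [m.groups() for m in (CREATED_RE.match(ln.strip()) for ln in lines) if m]


def new_appdata_dirs(lines):
    """(date, path) of directories created under AppData whose leaf looks generated."""
    found = []
    for created, size, attrs, path in created_entries(lines):
        if size != "--------" or not attrs.startswith("d"):
            continue                                  # a file, not a directory
        if "\\appdata\\" in path.lower() and looks_generated(path.rsplit("\\", 1)[-1]):
            found.append((created, path))
    return found


def startup_entries(lines):
    """(name, path) pairs from every ...\\CurrentVersion\\Run block in a ComboFix log."""
    entries, in_run = [], False
    for line in (ln.strip() for ln in lines):
        if line.startswith("["):                      # a new registry key header
            in_run = bool(RUN_KEY.match(line))
            continue
        m = RUN_RE.match(line)
        if in_run and m:
            entries.append(m.groups())
    return entries


def last_restore_point_before(rp_lines, cutoff):
    """Newest DDS restore point dated strictly before `cutoff` (a date), or None."""
    best = None
    for m in (RP_RE.match(ln.strip()) for ln in rp_lines):
        if not m:
            continue
        rp, mon, day, year, desc = m.groups()
        when = date(int(year), int(mon), int(day))
        if when < cutoff and (best is None or when > best[0]):
            best = (when, int(rp), desc)
    return best


def triage(programs, rp_lines, combofix_lines, infection_date):
    """Run every check and return one report dict."""
    return {
        "watchlist_programs": watchlist_hits(programs),
        "watchlist_paths": watchlist_hits([e[3] for e in created_entries(combofix_lines)]),
        "generated_appdata_dirs": new_appdata_dirs(combofix_lines),
        "startup_entries": startup_entries(combofix_lines),
        "restore_point_before": last_restore_point_before(rp_lines, infection_date),
    }


# Sample input: lines excerpted from the DDS and ComboFix logs posted in this thread.
SAMPLE_PROGRAMS = ["Google Toolbar for Internet Explorer", "IObit Apps Toolbar v9.7",
                   "Malwarebytes Anti-Malware version 2.0.3.1025"]
SAMPLE_RESTORE = ["RP2821: 11/10/2014 9:55:39 PM - Windows Update",
                  "RP2822: 11/12/2014 11:12:33 PM - Windows Modules Installer",
                  "RP2824: 11/14/2014 2:21:30 AM - Scheduled Checkpoint"]
SAMPLE_COMBOFIX = r"""
2014-11-13 22:24 . 2014-11-13 22:24 -------- d-----w- c:\users\Donna\AppData\Roaming\1H1Q1V1N1N1O1R
2014-11-13 14:28 . 2014-11-13 14:28 -------- d-----w- c:\program files\Common Files\IObit
2014-10-25 18:37 . 2014-10-25 18:37 -------- d-----w- c:\users\Donna\AppData\Local\Spoon
2014-11-13 08:58 . 2014-11-13 08:58 2048 ----a-w- c:\windows\system32\msxml3r.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CuteReminder"="c:\program files\CuteReminderPro\CuteReminder.exe" [2008-03-19 1048064]
"Amazon Music"="c:\users\Donna\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
""".strip().splitlines()
INFECTION_DATE = date(2014, 11, 13)   # assumption: the day the IObit folder appeared

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PROGRAMS, SAMPLE_RESTORE, SAMPLE_COMBOFIX, INFECTION_DATE).items():
        print(f"{key}: {value}")
```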

EDITED TO ADD (OF COURSE!) Just for the heck of it, I clicked the browse button to the right of the Use Source and it opened into the Documents Folder. I looked at the file folders when I noticed near the bottom it showed FILE NAME: iobitapps Toolbar .msi and, to the right of that, it's in "Installation Package (*.msi)" (the latter is the only choice). Under Installation Package (*.msi) are Open and Cancel buttons. Does this help any? p.s. For some reason, I have a Windows Installer which is Preparing to Remove and I can't access it because it's hanging (you know, when it won't work unless you're lucky or do something to force close it). That's the only thing hanging.

 

p.s. As of right now, House Calls has been scanning for 1693 mins at 85% done with the 1 threat.

 

Hello Madam,

 

I was able to do the c:\program files\common files\IObit. It was created on the 13th. UGH. I checked its properties and there are 2 folders in it and it's only 8KB. Do I delete it then empty my recycle bin?

 

Also, I don't know what the gear icon looks like - I'm using Firefox and couldn't find it. However, there was an Add-on capability report. I looked there - no IObit.

 

I found the IObit Apps Toolbar - sneaky them because I searched under mfg name. This one, though, didn't show IObit but Spigot. I tried to uninstall but got the Windows installer saying the feature you're trying to use is on a network resource that's unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation pkg "iobits Toolbar .msi" in the box below. USER SOURCE: C:\Users\Donna\AppData\Local\Temp\{ED170A52-B8CC-4CBE-AAB8-DA99CE2AB04F}\ with a BROWSE button next to it.

 

This seems so familiar but I don't remember what to do. I'm so sorry this is taking so long - my level of comprehension is well, akin to a squash.

Edited by nadalotta

You're doing excellent!

 

Let's see if Combofix can delete all the leftovers....

 

Download Combofix from any of the links below, and save it to your desktop. <-- Important

Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log.

Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Please be patient while the scan runs, at times it may appear to stall.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply.

After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt

 

***A guide and tutorial on "How to use Combofix" can be found here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Whoops, I meant to type - So I'm to cancel out House Call and the other things and am going directly to your instructions re: Combofix. Actually, I did cancel everything but House Call which is at 87% at 2,467 mins with 1 threat. Also, I clicked on the link to see the list of programs that should be disabled which is a wonderful set of pages, BTW. The only programs I found there that I have are the following: Malwarebytes, Windows Firewall Vista and Windows Defender. (Well, plus Trend Micro but that's only because of House Calls).

 

****************************************

 

 

Thank you very much! So, I've cancelled out House call and the other things and am going directly to your instructions re: Combofix.

 

I really appreciate your help!

Edited by nadalotta

EDITED TO ADD: MADAM, I THOUGHT I HAD IT! I D/L COMBOFIX, FOUND THE PROGRAMS THAT NEED TO BE DISABLED AND EVEN COPIED THE PAGES WITH YOUR INSTRUCTIONS AND THE ONE WITH INSTRUCTIONS ON HOW TO DISABLE THE PROGRAMS.

 

BUT THEN... *sigh* I got to the part that says to disconnect from the computer, even unplugging my computer. I must be missing something because I don't know how I'll be able to do the next steps? If the computer is unplugged, how will I see what's on my desktop? Thank you!

 

 

 

OK, I'll take that to mean I should have stopped House Calls too, lol.

 

I'm off to ComboFix-ville!

 

 

BTW, I didn't realize it but I ran Trend Hijack this and have the log. Do you want me to post it? Does it have to be deleted? (I'm deleting the Hijack program)

Thanks!

Edited by nadalotta

No, I don't need the HJT log.

 

The "unplugging" part is meant for unplugging your computer from your modem, so you aren't accessing the Internet. Don't unplug from the wall outlet :)

 

Just right click on the Combofix icon and choose to run as Administrator. When it's finished (wait!) it will produce a text log for you to copy and paste.


OOOOOOOOOOOOOOOOOOOOooooooooohhhhhhhh!!! OK, I'm off to Combofix!

 

Thanks!!

 

UPDATE: First, though, I'm shutting down Windows Firewall Vista, Windows Defender and Malwarebytes. If this is wrong, please let me know!

Edited by nadalotta

EDITED TO ADD 19 NOV:

 

THERE WEREN'T ANY WINDOWS SECURITY ESSENTIALS ICONS IN MY DESKTOP SO I THEN I CLICKED START THEN RIGHT CLICK MSE - WELL THAT WAS A SHORTCUT FOR STARTUP PROGRAMS.

 

SO I WENT BACK TO YOUR ORIGINAL INSTRUCTIONS AND.... TA DA! I WAS ABLE TO FIND MSE AND THEN CLICK ON SETTINGS AND, RIGHT THERE, WAS REAL TIME PROTECTION. ALL I HAVE TO DO IS CLICK THAT TO STOP THE PROTECTION - YAY! OK SO I'M GOING TO START AGAIN AND GET OFF OF THE INTERNET. THANKS AGAIN!

 

 

 

Wellllll, I thought I had it. I saw the little box with a lot of info flying by so I stepped away....

 

When I came back, that box was gone and replaced with

 

WARNING!!

ComboFix has detected the following real time scanner(s) to be active:

 

antivirus: Microsoft Security Essentials

antispyware: Microsoft Security Essentials

 

Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.

 

Please disable these scanners before clicking "OK".

 

First of all, (GRRRRRrrrr - I had to come back online and I've reconnected virus & Malware!).

 

OK - I know what that Microsoft Security Essentials icon looks like in my desktop, a green postal box with a green flag sticking upward. That wasn't in there, though, but rather a red shield with 2 swords crossing. That might be because I don't do automatic updating, although I have seen that green icon previously. Then click SETTINGS TAB then REAL TIME PROTECTION. I can't even get that far.

 

If I go to the red shield (since green box isn't there) then right click, my options are OPEN SECURITY CENTER, GO TO MICROSOFT SECURITY WEB SITE and EXIT.

 

I right clicked on Open Security Center but that goes to a place where I could Update and Fix; Go to MS Sec Web Site takes me back to Windows Security Center. I clicked on the left side (ignoring Windows Update because I have Updates to do but this needs to get fixed), then I clicked on Windows Firewall which now says is on (it had been turned off before I came back online), Windows Defender which is turned off and Internet Options. (I have no idea what boxes to check/uncheck there).

 

If I could just click on Security Essentials then uncheck Malware Protection, Security Essentials would be gone but I can't do it! I did see the Show me the antispyware programs on this computer which I checked and Security Essentials came as on and Windows Defender as Off.

 

Thank you!

 

EDITED TO ADD: WOULD EVERYTHING BE OKAY IF I CLICKED YES TO AUTOMATIC UPDATE? THE REASON I HAVEN'T CLICKED YES IS BECAUSE I HAVE A BUNCH OF UPDATES WAITING TO BE PUT ON MY COMPUTER AND WHAT IF ONE WERE TO BE MALICIOUS? THAT'S MY CONCERN. THANK YOU.

Edited by nadalotta

You can temporarily stop MSE by typing services.msc in the start search box .... click on the icon that appears. Now scroll down to the program, and right click, choose properties, now click stop > up in the left hand corner.

 

Just make sure you're disconnected from the Internet, first.


Hello again!

 

I went out for prob an hour. When I returned, my computer rebooted so I clicked my name and now it's back to normal. The only concern was that there was a warning not to allow any programs to run. I wasn't sure to find out as, much earlier in this process, there was a warning not to touch the keys once Combo started. Anyway the little box came back - the one with all of the numbers earlier, and it came up with this:

 

Almost done - this window will close in a short while. Please wait a few seconds for the report log to pop up.

ComboFix's log shall be located at:

C:\combofix. Text.

 

Ok,yay EXCEPT a normal looking (gray) warning box popped up with this:

 

Error saving file

C:\ComboFix\Hiv\Users\00000005\ntuser.dat!

Continue with next file

[RegCreateKeyEx:87 - The parameter is incorrect]

 

And then there are Yes and No boxes.

 

Am I in a pickle now? I'm so so sorry to take up so much of your time!


Omg! I clicked yes and don't remember what I did next but a log.text - Notebook popped up!!

 

I wasn't sure what to type in the look here so I know I didn't get that far.

 

So I can turn on my MS Security Essentials, Malwarebytes, etc and get back on the Internet ? Thank you again!!

Edited by nadalotta

Madam, I hope you're awake and able to come to this forum. ( I don't know if you're PST or even in the USA).

 

I really need to have Internet access tonight. If I don't hear anything then I'll assume it's ok to activate Internet protection (MSE, Malwarebytes and Windows Firewall), plug in the cable that will allow me to have Internet and be online. I've got to get some reports to a new doc before my app't tomorrow. (He was NOT a happy man as he's been waiting for them since Monday. I tried some humor, saying it didn't feel so good when the shoe is on the other foot, eh? That did NOT go over well - I need to remember not to be a smarty pants until my docs get to know me!)

 

It's 7:45 here - I can't delay some meds for too long and this one makes me really tired. So I can wait for about an hour before I take the med.

Thank you so much again. You've been so kind!


Here it is! I'm back online. Fingers crossed that it's fixed or almost fixed!

 

Thanks!

 

ComboFix 14-11-17.01 - Donna 11/19/2014 14:46:02.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.793 [GMT -8:00]
Running from: c:\users\Donna\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebhifiddmaaeecbaiemfpejghjdjmhc
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebhifiddmaaeecbaiemfpejghjdjmhc\159\background.html
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebhifiddmaaeecbaiemfpejghjdjmhc\159\content.js
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebhifiddmaaeecbaiemfpejghjdjmhc\159\lsdb.js
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebhifiddmaaeecbaiemfpejghjdjmhc\159\manifest.json
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebhifiddmaaeecbaiemfpejghjdjmhc\159\YeexR.js
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlgeajkpagegaanjcffndokbmifddcdn
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlgeajkpagegaanjcffndokbmifddcdn\119\background.html
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlgeajkpagegaanjcffndokbmifddcdn\119\content.js
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlgeajkpagegaanjcffndokbmifddcdn\119\lsdb.js
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlgeajkpagegaanjcffndokbmifddcdn\119\manifest.json
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlgeajkpagegaanjcffndokbmifddcdn\119\tnAPXmxR2.js
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gebhifiddmaaeecbaiemfpejghjdjmhc_0.localstorage
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mlgeajkpagegaanjcffndokbmifddcdn_0.localstorage
c:\users\Donna\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Donna\Favorites\HISTORICAL NOTES VIA ANCESTRY.docx
c:\windows\system32\logs
c:\windows\system32\logs\Settings.dat
G:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-10-20 to 2014-11-20 )))))))))))))))))))))))))))))))
.
.
2014-11-19 23:42 . 2014-11-19 23:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-11-19 23:42 . 2014-11-19 23:42 -------- d-----w- c:\users\TestShare\AppData\Local\temp
2014-11-19 23:42 . 2014-11-19 23:42 -------- d-----w- c:\users\Missy\AppData\Local\temp
2014-11-19 23:42 . 2014-11-19 23:42 -------- d-----w- c:\users\Donna_2\AppData\Local\temp
2014-11-19 23:42 . 2014-11-19 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-19 11:06 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB96837B-DDF6-418C-809F-5D0DFD48B8F5}\mpengine.dll
2014-11-19 09:43 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-16 15:50 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-11-16 00:55 . 2014-09-17 02:12 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23F54F54-6C7A-4AF7-874F-4372CD6FD7AB}\gapaengine.dll
2014-11-14 00:53 . 2014-11-14 00:53 -------- d-----w- c:\programdata\AGI
2014-11-13 23:40 . 2014-11-14 00:53 -------- d-----w- C:\AdwCleaner
2014-11-13 22:24 . 2014-11-13 22:24 -------- d-----w- c:\users\Donna\AppData\Roaming\1H1Q1V1N1N1O1R
2014-11-13 14:28 . 2014-11-13 14:28 -------- d-----w- c:\program files\Common Files\IObit
2014-11-13 08:58 . 2014-11-13 08:58 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 08:58 . 2014-11-13 08:58 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 08:57 . 2014-11-13 08:57 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 08:57 . 2014-11-13 08:57 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 08:57 . 2014-11-13 08:57 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 08:57 . 2014-11-13 08:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 08:56 . 2014-11-13 08:56 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-13 08:56 . 2014-11-13 08:56 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-13 08:55 . 2014-11-13 08:55 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 08:55 . 2014-11-13 08:55 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 08:55 . 2014-11-13 08:55 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 08:55 . 2014-11-13 08:55 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 08:55 . 2014-11-13 08:55 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 08:40 . 2014-11-13 08:40 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 08:40 . 2014-11-13 08:40 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 07:13 . 2014-11-13 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-25 18:37 . 2014-10-25 18:37 -------- d-----w- c:\users\Donna\AppData\Local\Spoon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-19 19:58 . 2014-06-22 03:11 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 00:45 . 2012-04-11 19:08 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 00:45 . 2011-05-19 23:15 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24 . 2009-10-02 16:02 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-01 18:11 . 2014-06-22 03:10 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 18:11 . 2014-06-22 03:10 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 18:11 . 2009-03-26 07:39 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-17 02:12 . 2011-10-11 09:02 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-14 19:22 . 2014-09-14 19:22 52440 ----a-w- c:\windows\system32\drivers\jwyqrx.sys
2014-09-13 21:31 . 2014-09-13 21:31 52440 ----a-w- c:\windows\system32\drivers\xapt.sys
2014-09-04 23:27 . 2014-10-15 23:55 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-09-01 19:51 . 2014-09-01 19:51 110296 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-08-23 01:03 . 2014-08-29 21:31 297984 ----a-w- c:\windows\system32\gdi32.dll
2010-08-10 18:02 . 2014-11-12 05:29 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 21:01 . 2014-11-12 05:29 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2014-08-19 22:33 4874056 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2014-08-19 22:33 4874056 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CuteReminder"="c:\program files\CuteReminderPro\CuteReminder.exe" [2008-03-19 1048064]
"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2009-07-21 2707526]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WeatherWatcherLive"="c:\program files\Weather Watcher Live\ww.exe" [2013-07-03 2116160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-30 68856]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"Amazon Music"="c:\users\Donna\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-07-28 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-25 622592]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-09-04 40336]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-22 36864]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2013-04-05 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-12-27 4522496]
"BrHelp"="c:\program files\Brother\Brother Help\BrotherHelp.exe" [2013-01-18 2009088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-27 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-07-28 109784]
.
c:\users\Donna_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\TestShare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - c:\program files\CMS Products\BounceBack Express\BBStartup.exe [2011-10-19 40960]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
EvernoteClipper.lnk - c:\program files\EverNote\EverNote\EvernoteClipper.exe [2013-5-8 1089888]
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe /t [2009-12-22 157088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-9-29 50688]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2014-8-19 4667208]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-26 572000]
SilkQuit Meter.lnk - c:\program files\valecam\SilkQuit\SilkQuit.exe [2002-8-22 257536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-30 04:49 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 21:51 65536 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-03-11 16:44 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 16:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Mon.exe]
2007-08-22 05:39 36864 ----a-w- c:\windows\OEM05Mon.exe
.
R2 0140431316723141mcinstcleanup;McAfee Application Installer Cleanup (0140431316723141);c:\windows\TEMP\014043~1.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - tmcomm
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-27 21:46 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 00:45]
.
2014-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 07:40]
.
2014-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 07:40]
.
2014-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-334789889-2046252120-150890680-1000Core.job
- c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 02:15]
.
2014-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-334789889-2046252120-150890680-1000UA.job
- c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 02:15]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local;localhost
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Add to EverNote - c:\program files\EverNote\EverNote\enbar.dll/2000
IE: Clip Image - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
Trusted Zone: gensmarts.com\searches
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wvculture.org/vrr/va_select.aspx|http://home.ancestry.com/|http://www.yahoo.com/|http://www.amazon.com/|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1379190692&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai|https://login.comcast.net/login?s=portal|https://mail.google.com/mail/u/0/?tab=wm#inbox
FF - ExtSQL: 2014-10-10 02:30; ascsurfingprotection@iobit.com; c:\users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: !HIDDEN! 2009-06-26 10:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
Toolbar-Visible - (no file)
Toolbar-Welcome - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{2857dbef-0b50-361c-8690-7d505747009f} - c:\program files\AGI\core\4.2\InstallerGUI.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e0,cd,b1,af,86,39,cf,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3292)
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\CMS Products\BounceBack Express\BBWatcherService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
c:\program files\GlidePoint\glidesvc.exe
c:\program files\GlidePoint\glidesvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
c:\windows\system32\PSIService.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\Secunia\PSI\sua.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\XPSMiniViewGadget\XPSMiniViewGadget.exe
.
**************************************************************************
.
Completion time: 2014-11-19 18:24:04 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-20 02:24
.
Pre-Run: 607,837,265,920 bytes free
Post-Run: 610,270,654,464 bytes free
.
- - End Of File - - 0156B80A063E61F88649BD3CCFF52F4F
5C616939100B85E558DA92B899A0FC36

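Added example for readers working through a log like the one above; it is not part of the post and not a ComboFix feature. It is a small Python parser for the "Reg Loading Points" part of a ComboFix log (the `[HKEY_...]` key headers, the `"name"="path" [date size]` Run values, the `AppInit_DLLs` value, and the `R2 name;display;path` service lines), followed by a triage pass that flags entries a responder would normally look at first: an executable given by bare file name with no directory (resolved through the PATH search order, so the real file still has to be located), an image living under a TEMP directory, a service image marked `[x]` (ComboFix prints that where it found no file at the path), and any non-empty `AppInit_DLLs` value (a DLL loaded into every process that loads user32.dll). The sample input is an excerpt of lines from the log above, embedded so the example runs offline; the flag names and the heuristics are this example's own and are review prompts, not verdicts.

```python
"""Parse autostart entries out of a ComboFix log excerpt and flag ones worth a closer look.

Added example; heuristics and names are this snippet's own, not ComboFix's.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt of the "Reg Loading Points" section from the posted log, embedded as sample input.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CuteReminder"="c:\program files\CuteReminderPro\CuteReminder.exe" [2008-03-19 1048064]
"Amazon Music"="c:\users\Donna\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
R2 0140431316723141mcinstcleanup;McAfee Application Installer Cleanup (0140431316723141);c:\windows\TEMP\014043~1.EXE [x]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')                 # [HKEY_...\Run] section header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')  # "name"=value line under a key
META_RE = re.compile(r' \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')  # trailing [date size]
SERVICE_RE = re.compile(r'^[RS]\d+ (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$')  # R2 svc;display;image


@dataclass
class Autostart:
    source: str            # registry key the value came from, or "service"
    name: str              # value name or service name
    path: str              # image path exactly as ComboFix printed it
    date: Optional[str] = None
    size: Optional[int] = None
    file_found: bool = True  # False when ComboFix marked the image with [x]


def parse_autostarts(text: str) -> List[Autostart]:
    """Walk the log line by line, tracking the current [HKEY_...] key, and collect entries."""
    entries: List[Autostart] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix separates blocks with lone dots
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group('path').strip()
            found = not path.endswith('[x]')
            if not found:
                path = path[:-3].strip()      # drop the [x] marker, keep the image path
            entries.append(Autostart('service', m.group('name'), path, file_found=found))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            value = m.group('value')
            date = size = None
            meta = META_RE.search(value)
            if meta:
                date, size = meta.group('date'), int(meta.group('size'))
                value = value[:meta.start()]
            entries.append(Autostart(current_key, m.group('name'), value.strip().strip('"'), date, size))
    return entries


def triage(entries: List[Autostart]) -> Dict[str, List[str]]:
    """Return {entry name: flags} for entries that tripped at least one review heuristic."""
    report: Dict[str, List[str]] = {}
    for e in entries:
        flags: List[str] = []
        lower = e.path.lower()
        if '\\' not in e.path and '/' not in e.path:
            flags.append('bare_name')        # no directory: locate which ICO.EXE/HCIMNTR.DLL actually runs
        if '\\temp\\' in lower or '\\tmp\\' in lower:
            flags.append('temp_dir')         # persistence from a scratch directory
        if not e.file_found:
            flags.append('missing_file')     # dangling entry: image already gone or never installed
        if e.name.lower() == 'appinit_dlls' and e.path:
            flags.append('appinit_dll')      # system-wide DLL injection point, verify the DLL
        if flags:
            report[e.name] = flags
    return report


if __name__ == '__main__':
    for name, flags in triage(parse_autostarts(SAMPLE_LOG)).items():
        print(f'{name}: {", ".join(flags)}')
```

On the excerpt this flags the two bare-name HKLM Run values, the AppInit_DLLs entry, and the McAfee cleanup service whose image under c:\windows\TEMP is no longer present; the signed-vendor Run entries with full paths produce nothing. Point it at a full log and the same pass covers every Run key, startup-folder and service line in one go, which is quicker than eyeballing a thousand-line paste.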