Ed_Infected

thanks for reviewing. The problem has been solved - it was a router configuration problem that was causing this. Thread can be closed.

Could this be a problem with MBAM scan engine update? Here is background: My laptop is giving message that MBAM is blocking outgoing svchost traffic to a particular website (see details here for open request for help - https://forums.malwarebytes.org/index.php?showtopic=142742 Now I find same problem on my desktop (though there is a small possibility that I may have used the same USB drive on both machine) - the message and website are same. What do I do next? TIA Ed

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014 Ran by Me at 2014-02-21 19:47:40 Running from C:\Users\Me\Downloads\Scanners Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Symantec Endpoint Protection (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== 2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1 - Adobe Systems Incorporated) Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1 - Adobe Systems Incorporated) Hidden Adobe Reader 9.1 MUI (x32 Version: 9.1.0 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden ALPS Touch Pad Driver (Version: 7.105.2002.1502 - Alps Electric) Atheros Client Installation Program (x32 Version: 7.0 - Atheros) Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink PowerDVD 8 (x32 Version: 8.0.3520.50 - CyberLink Corp.) CyberLink PowerDVD 8 (x32 Version: 8.0.3520.50 - CyberLink Corp.) Hidden Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.58 - Conexant Systems) Identity Card (x32 Version: 1.00.3003 - Packard Bell) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel® Control Center (x32 Version: 1.2.0.1006 - Intel Corporation) Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2008 - Intel Corporation) Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation) Intel® Matrix Storage Manager (Version: - Intel Corporation) iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101 - Vantage Linguistics) Java 7 Update 51 (x32 Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Launch Manager (x32 Version: 0.0.05 - Packard Bell) Magical Jelly Bean KeyFinder (x32 Version: 2.0.8.1 - Magical Jelly Bean) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Metaboli (x32 Version: 1.00.0006 - Packard Bell) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation) Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0 - Mozilla) MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) Nero 9 Essentials (x32 Version: - Nero AG) Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.1.100 - Nero AG) Hidden Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden NVIDIA Drivers (Version: 1.4 - NVIDIA Corporation) Packard Bell InfoCentre (x32 Version: 3.02.3000 - Packard Bell) Packard Bell Power Management (x32 Version: 4.05.3006 - Packard Bell) Packard Bell Recovery Management (x32 Version: 4.05.3007 - Packard Bell) Packard Bell Updater (x32 Version: 1.01.3017 - Packard Bell) pdfFactory Pro (Version: 4.05 - FinePrint Software, LLC) Photon Plus (x32 Version: 21.005.22.23.628 - Huawei Technologies Co.,Ltd) Quicken 2013 (x32 Version: 22.1.12.7 - Intuit) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5963 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30104 - Realtek Semiconductor Corp.) RICOH Media Driver ver.2.07.01.02 (x32 Version: 2.07.01.02 - RICOH) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (x32 Version: 3.55.01 - ) RoboForm 7-9-2-2 (All Users) (x32 Version: 7-9-2-2 - Siber Systems) Symantec Endpoint Protection (Version: 12.1.3001.165 - Symantec Corporation) Synaptics Pointing Device Driver (Version: 10.1.8.0 - Synaptics) TouchFreeze (x32 Version: 1.0.2 - Ivan Zhakov) Trojan Remover 6.9.0 (x32 Version: 6.9.0 - Simply Super Software) TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation) TurboTax 2010 (x32 Version: - Intuit, Inc) TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.5821 - Intuit Inc.) Hidden TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0501 - Intuit Inc.) Hidden TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0222 - Intuit Inc.) Hidden TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version: - Microsoft) Update for Microsoft Office OneNote 2007 (KB980729) (x32 Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) Welcome Center (x32 Version: 1.00.3009 - Packard Bell) WIDCOMM Bluetooth Software (Version: 5.2.0.500 - Broadcom Corporation) WIDCOMM Bluetooth Software (Version: 6.2.1.800 - Broadcom Corporation) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Sign-in Assistant (x32 Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 20-02-2014 18:11:25 Removed Facebook Video Calling 2.0.0.447 20-02-2014 18:12:45 Removed Skype™ 5.10 20-02-2014 18:13:32 Removed Skype™ 5.10 20-02-2014 18:14:45 Removed PC Connectivity Solution ==================== Hosts content: ========================== 2009-07-14 08:04 - 2014-02-20 23:59 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1B74DFD5-5740-4C36-94BC-557ADC9363C6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2091850345-3665891424-549587078-1001Core => C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-12] (Facebook Inc.) Task: {289CB740-234E-4558-BBA0-7074C7EC9706} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04] (Google Inc.) Task: {2BBC3C45-4951-4563-B086-35C4CBA3EBED} - System32\Tasks\{F717EE22-B962-4D0C-A92B-661B7A5806AA} => C:\Program Files (x86)\LEDSET\CAM Wizard\CAM Wizard.exe Task: {3478D54F-3AB0-46C6-8D32-25DAB6D54AAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04] (Google Inc.) Task: {535A9292-B359-4EEB-AAEB-09F0A17769E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-07] (Adobe Systems Incorporated) Task: {85718E77-DA8C-4F5D-8CE2-054DAD179A1A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2091850345-3665891424-549587078-1001UA => C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-12] (Facebook Inc.) Task: {95AA3BB2-23BC-4319-9A84-449C2CF551AA} - System32\Tasks\{0555575F-04A1-4D23-BE4D-76C4D3F97E9F} => C:\Program Files (x86)\Skype\Phone\Skype.exe Task: {B573123C-7209-4350-91E6-E4AB62135DB6} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMNJMMOJKMKMHMIMCNOJHMOMIMCNLMJMMJLJCNHMLMJMKJCNNMNMKMOJIMOMHMGMPMPMOMOMJNJICMIMCNGMCNNMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMHMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMCLKJJNKJCMJNNICMJNDJCMKJBJ" Task: {C291C630-A740-47B3-8D2F-D3EEC9810F17} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMNJMMOJKMKMHMIMCNOJHMOMIMCNLMJMMJLJCNHMLMJMKJCNNMNMKMOJIMOMHMGMPMPMOMOMJNJICMIMCNOMCNPMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMCLKJJNKJCMJNNICMJNDJCMKJBJ" Task: {E6526948-3578-4C86-85E2-E84334136B70} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-09-28] (Siber Systems) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2091850345-3665891424-549587078-1001Core.job => C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2091850345-3665891424-549587078-1001UA.job => C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-29 13:02 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll 2013-10-29 13:02 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll 2011-03-14 20:57 - 2011-03-14 20:57 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2005-04-29 16:15 - 2005-04-29 16:15 - 00045056 _____ () C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe 2009-10-03 00:09 - 2009-10-03 00:09 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2005-04-29 16:15 - 2005-04-29 16:15 - 00045056 _____ () C:\Program Files (x86)\TouchFreeze\TouchFreeze.dll 2014-01-15 22:18 - 2014-01-15 22:18 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll 2014-01-15 22:18 - 2014-01-15 22:18 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57141523.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73815881.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57141523.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73815881.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Facebook Update => "C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= Error: (02/16/2014 11:02:29 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 101911 seconds with 11280 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-02-20 23:24:49.050 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-20 23:24:49.003 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 4095.11 MB Available physical RAM: 2339.06 MB Total Pagefile: 8188.36 MB Available Pagefile: 6314.3 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Gateway) (Fixed) (Total:60.52 GB) (Free:15.79 GB) NTFS Drive e: (PQSERVICE) (Fixed) (Total:48.95 GB) (Free:39.72 GB) NTFS Drive p: () (Fixed) (Total:7.98 GB) (Free:5.92 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 4B1EB4AA) Partition 1: (Not Active) - (Size=49 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=40 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=61 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014 Ran by Me (administrator) on ACER-PC on 21-02-2014 19:47:15 Running from C:\Users\Me\Downloads\Scanners Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (TrueCrypt Foundation) C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-14] (Intel Corporation) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [327168 2009-10-31] (Alps Electric Co., Ltd.) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16330272 2009-07-02] (NVIDIA Corporation) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-12-06] (Synaptics, Inc.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-09-17] (Dritek System Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1704720 2014-01-23] (Simply Super Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2091850345-3665891424-549587078-1001\...\Run: [TouchFreeze] - C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe [45056 2005-04-29] () HKU\S-1-5-21-2091850345-3665891424-549587078-1001\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-09-28] (Siber Systems) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACPW&l=0809&m=nv75&r=273612093cb3e24c35y8846gj78367 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACPW&l=0809&m=nv75&r=273612093cb3e24c35y8846gj78367 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACPW&l=0809&m=nv75&r=273612093cb3e24c35y8846gj78367 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_enUS395US395 BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\bin\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 37.1.206.9 8.8.8.8 FireFox: ======== FF ProfilePath: C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\bpt5tg9g.default FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Extension: ERail Plugin for Firefox - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\bpt5tg9g.default\Extensions\ERAIL.IN.FFPLUGIN@jetpack.xpi [2013-08-22] FF Extension: Adblock Plus - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\bpt5tg9g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-22] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF [2013-10-03] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-09-28] ==================== Services (Whitelisted) ================= R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-10-29] (Acer Incorporated) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 Photon Plus. RunOuc; C:\Program Files (x86)\Photon Plus\Huawei\UpdateDog\ouc.exe [655712 2013-10-02] () R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368 2013-05-25] (Symantec Corporation) R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe [2316184 2013-05-25] (Symantec Corporation) S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe [334736 2013-05-25] (Symantec Corporation) S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC}; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [169048 2013-05-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-18] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20140220.011\IDSvia64.sys [521944 2014-01-16] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] () R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140220.008\ENG64.SYS [126040 2013-12-18] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140220.008\EX64.SYS [2099288 2013-12-18] (Symantec Corporation) S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [23552 2008-05-07] (Nokia) S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18432 2008-05-07] (Nokia) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-09-08] (Research in Motion Ltd) R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSP64.SYS [796760 2013-05-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSPX64.SYS [36952 2013-05-25] (Symantec Corporation) S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [30088 2008-08-22] () S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SyDvCtrl64.sys [34800 2013-05-25] (Symantec Corporation) R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMDS64.SYS [493656 2013-05-25] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMEFA64.SYS [1139800 2013-05-25] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-09-28] (Symantec Corporation) R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.SYS [224416 2013-05-25] (Symantec Corporation) R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMNETS.SYS [433752 2013-05-25] (Symantec Corporation) R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159472 2013-09-28] (Symantec Corporation) R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [91944 2013-05-25] (Symantec Corporation) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14000 2009-12-04] () S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-06-06] (Windows ® Codename Longhorn DDK provider) S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-05-07] (Windows ® Codename Longhorn DDK provider) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 avgntflt; \??\C:\Program Files (x86)\Avira\AntiVir Desktop\avgntflt.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X] S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X] U3 kgldrpob; \??\C:\Users\Me\AppData\Local\Temp\kgldrpob.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-21 19:47 - 2014-02-21 19:47 - 00000000 ____D () C:\FRST 2014-02-21 19:45 - 2014-02-21 19:45 - 00000620 _____ () C:\Users\Me\Desktop\JRT.txt 2014-02-21 18:03 - 2014-02-21 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-02-21 18:03 - 2014-02-21 18:03 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-02-21 18:01 - 2014-02-21 18:15 - 00000000 ____D () C:\Users\Me\Desktop\mbar 2014-02-21 18:01 - 2014-02-21 18:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ___RD () C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2014-02-21 17:06 - 2014-02-21 17:06 - 00001538 _____ () C:\Users\Me\Desktop\RKreport[0]_S_02212014_170612.txt 2014-02-21 17:04 - 2014-02-21 17:07 - 00000000 ____D () C:\Users\Me\Desktop\RK_Quarantine 2014-02-21 16:56 - 2014-02-21 16:56 - 00017997 _____ () C:\Users\Me\Desktop\dds.txt 2014-02-21 16:56 - 2014-02-21 16:56 - 00016962 _____ () C:\Users\Me\Desktop\attach.txt 2014-02-21 16:42 - 2014-02-21 17:09 - 00000112 _____ () C:\Windows\setupact.log 2014-02-21 16:42 - 2014-02-21 16:42 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-21 09:36 - 2014-02-21 09:36 - 00000000 ____D () C:\Windows\ERUNT 2014-02-21 00:13 - 2014-02-21 00:13 - 00021118 _____ () C:\ComboFix.txt 2014-02-20 23:18 - 2011-06-26 12:15 - 00256000 _____ () C:\Windows\PEV.exe 2014-02-20 23:18 - 2010-11-07 22:50 - 00208896 _____ () C:\Windows\MBR.exe 2014-02-20 23:18 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-02-20 23:18 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-02-20 23:18 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-02-20 23:18 - 2000-08-31 05:30 - 00098816 _____ () C:\Windows\sed.exe 2014-02-20 23:18 - 2000-08-31 05:30 - 00080412 _____ () C:\Windows\grep.exe 2014-02-20 23:18 - 2000-08-31 05:30 - 00068096 _____ () C:\Windows\zip.exe 2014-02-20 23:17 - 2014-02-21 00:13 - 00000000 ____D () C:\Qoobox 2014-02-20 23:17 - 2014-02-20 23:25 - 00000000 ____D () C:\Windows\erdnt 2014-02-20 23:08 - 2014-02-20 23:08 - 00000000 ____D () C:\ProgramData\Licenses 2014-02-20 23:06 - 2014-02-20 23:06 - 00001076 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2014-02-20 23:06 - 2014-02-20 23:06 - 00000000 ____D () C:\Users\Me\Documents\Simply Super Software 2014-02-20 23:06 - 2014-02-20 23:06 - 00000000 ____D () C:\Users\Me\AppData\Roaming\Simply Super Software 2014-02-20 23:06 - 2014-02-20 23:06 - 00000000 ____D () C:\ProgramData\Simply Super Software 2014-02-20 23:06 - 2014-02-20 23:06 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2014-02-20 22:17 - 2014-02-21 17:08 - 00000000 ____D () C:\AdwCleaner 2014-02-20 19:51 - 2014-02-20 19:51 - 00000000 ____D () C:\_OTL 2014-02-20 18:19 - 2014-02-21 19:47 - 00000000 ____D () C:\Users\Me\Downloads\Scanners 2014-02-19 10:46 - 2014-02-19 10:46 - 00283136 _____ () C:\Users\Me\Downloads\MMM ICICI Stock History.xls 2014-01-24 10:26 - 2014-01-24 10:26 - 01502123 _____ () C:\Users\Me\Downloads\Pending payments list B & C Towers.xlsx ==================== One Month Modified Files and Folders ======= 2014-02-21 19:47 - 2014-02-21 19:47 - 00000000 ____D () C:\FRST 2014-02-21 19:47 - 2014-02-20 18:19 - 00000000 ____D () C:\Users\Me\Downloads\Scanners 2014-02-21 19:47 - 2013-11-23 07:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-21 19:45 - 2014-02-21 19:45 - 00000620 _____ () C:\Users\Me\Desktop\JRT.txt 2014-02-21 19:09 - 2009-07-14 10:15 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-21 19:09 - 2009-07-14 10:15 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-21 19:07 - 2009-12-02 19:58 - 01173068 _____ () C:\Windows\WindowsUpdate.log 2014-02-21 18:52 - 2010-09-04 18:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-21 18:15 - 2014-02-21 18:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-02-21 18:15 - 2014-02-21 18:01 - 00000000 ____D () C:\Users\Me\Desktop\mbar 2014-02-21 18:03 - 2014-02-21 18:03 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-02-21 18:01 - 2014-02-21 18:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-21 17:55 - 2013-11-12 17:50 - 00000916 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2091850345-3665891424-549587078-1001UA.job 2014-02-21 17:55 - 2013-11-12 17:50 - 00000894 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2091850345-3665891424-549587078-1001Core.job 2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ___RD () C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2014-02-21 17:09 - 2014-02-21 16:42 - 00000112 _____ () C:\Windows\setupact.log 2014-02-21 17:09 - 2010-09-04 18:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-21 17:09 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-21 17:08 - 2014-02-20 22:17 - 00000000 ____D () C:\AdwCleaner 2014-02-21 17:07 - 2014-02-21 17:04 - 00000000 ____D () C:\Users\Me\Desktop\RK_Quarantine 2014-02-21 17:06 - 2014-02-21 17:06 - 00001538 _____ () C:\Users\Me\Desktop\RKreport[0]_S_02212014_170612.txt 2014-02-21 16:56 - 2014-02-21 16:56 - 00017997 _____ () C:\Users\Me\Desktop\dds.txt 2014-02-21 16:56 - 2014-02-21 16:56 - 00016962 _____ () C:\Users\Me\Desktop\attach.txt 2014-02-21 16:42 - 2014-02-21 16:42 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-21 16:26 - 2009-07-14 10:43 - 00739600 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-21 09:36 - 2014-02-21 09:36 - 00000000 ____D () C:\Windows\ERUNT 2014-02-21 00:13 - 2014-02-21 00:13 - 00021118 _____ () C:\ComboFix.txt 2014-02-21 00:13 - 2014-02-20 23:17 - 00000000 ____D () C:\Qoobox 2014-02-21 00:11 - 2009-07-14 08:04 - 00000215 _____ () C:\Windows\system.ini 2014-02-20 23:43 - 2010-09-18 01:58 - 00000000 ____D () C:\Users\Me\AppData\Roaming\Skype 2014-02-20 23:43 - 2010-09-18 01:58 - 00000000 ____D () C:\ProgramData\Skype 2014-02-20 23:29 - 2009-07-14 08:50 - 00000000 __RHD () C:\Users\Default 2014-02-20 23:25 - 2014-02-20 23:17 - 00000000 ____D () C:\Windows\erdnt 2014-02-20 23:08 - 2014-02-20 23:08 - 00000000 ____D () C:\ProgramData\Licenses 2014-02-20 23:06 - 2014-02-20 23:06 - 00001076 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2014-02-20 23:06 - 2014-02-20 23:06 - 00000000 ____D () C:\Users\Me\Documents\Simply Super Software 2014-02-20 23:06 - 2014-02-20 23:06 - 00000000 ____D () C:\Users\Me\AppData\Roaming\Simply Super Software 2014-02-20 23:06 - 2014-02-20 23:06 - 00000000 ____D () C:\ProgramData\Simply Super Software 2014-02-20 23:06 - 2014-02-20 23:06 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2014-02-20 19:51 - 2014-02-20 19:51 - 00000000 ____D () C:\_OTL 2014-02-19 10:46 - 2014-02-19 10:46 - 00283136 _____ () C:\Users\Me\Downloads\MMM ICICI Stock History.xls 2014-02-15 21:47 - 2010-09-04 18:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-15 21:47 - 2010-09-04 18:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-07 20:54 - 2013-11-23 07:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-07 20:54 - 2013-11-23 07:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-07 20:54 - 2013-11-23 07:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-06 16:24 - 2009-07-14 10:38 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-29 10:01 - 2010-09-18 01:32 - 00000000 ____D () C:\Windows\Minidump 2014-01-29 10:01 - 2007-07-12 07:19 - 00000000 ____D () C:\Windows\Panther 2014-01-24 19:55 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF 2014-01-24 10:26 - 2014-01-24 10:26 - 01502123 _____ () C:\Users\Me\Downloads\Pending payments list B & C Towers.xlsx Some content of TEMP: ==================== C:\Users\Me\AppData\Local\Temp\ntdll_dump.dll C:\Users\Me\AppData\Local\Temp\Quarantine.exe C:\Users\Me\AppData\Local\Temp\uninst.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-18 13:14 ==================== End Of Log ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 7 Home Premium x64 Ran by Me on 21-Feb-14 at 19:07:49.29 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21-Feb-14 at 19:45:48.11 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan by Malware Root toolkit also does not show any infections however, the MAM msg keeps poping up alomost every 90 seconds ;-(

Finally - MAM - with all check-boxes enabled in - General & Scanner, PUP, PUM and P2P - Show results list & check for removal Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2014.02.16.02 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Me :: ACER-PC [administrator] Protection: Enabled 21-Feb-14 5:26:39 PM mbam-log-2014-02-21 (17-26-39).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 241271 Time elapsed: 4 minute(s), 4 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

# AdwCleaner v3.019 - Report created 21/02/2014 at 17:08:14 # Updated 17/02/2014 by Xplode # Operating System : Windows 7 Home Premium (64 bits) # Username : Me - ACER-PC # Running from : C:\Users\Me\Downloads\Scanners\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : C:\Windows\System32\Tasks\NCH Software ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16514 -\\ Mozilla Firefox v21.0 (en-US) [ File : C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\bpt5tg9g.default\prefs.js ] ************************* AdwCleaner[R0].txt - [2207 octets] - [20/02/2014 22:17:49] AdwCleaner[R1].txt - [930 octets] - [21/02/2014 09:06:14] AdwCleaner[R2].txt - [1048 octets] - [21/02/2014 16:40:16] AdwCleaner[R3].txt - [1169 octets] - [21/02/2014 17:07:22] AdwCleaner[s0].txt - [2074 octets] - [20/02/2014 22:19:49] AdwCleaner[s1].txt - [992 octets] - [21/02/2014 09:10:02] AdwCleaner[s2].txt - [1112 octets] - [21/02/2014 16:41:41] AdwCleaner[s3].txt - [1093 octets] - [21/02/2014 17:08:14] ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1153 octets] ##########

RogueKiller V8.8.8 [Feb 19 2014] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Me [Admin rights] Mode : Scan -- Date : 02/21/2014 17:06:12 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] ouc.exe -- C:\ProgramData\Photon Plus\Huawei\OnlineUpdate\ouc.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS722016K9SA00 +++++ --- User --- [MBR] 2de18e6dfd270a2947df5e0cc0bd184b [bSP] 8544557b45fa07fef2ccc165fd480e62 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16065 | Size: 50124 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 102671415 | Size: 40523 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 185663205 | Size: 61969 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_02212014_170612.txt >>

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 03-Dec-09 5:57:37 PM System Uptime: 21-Feb-14 4:42:16 PM (0 hours ago) . Motherboard: ASUSTeK Computer Inc. | | N80Vb Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | Socket 478 | 2000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 61 GiB total, 15.92 GiB free. D: is CDROM () E: is FIXED (NTFS) - 49 GiB total, 39.716 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP102: 20-Feb-14 11:41:25 PM - Removed Facebook Video Calling 2.0.0.447 RP103: 20-Feb-14 11:42:45 PM - Removed Skype™ 5.10 RP104: 20-Feb-14 11:43:32 PM - Removed Skype™ 5.10 RP105: 20-Feb-14 11:44:45 PM - Removed PC Connectivity Solution . ==== Installed Programs ====================== . 2007 Microsoft Office Suite Service Pack 2 (SP2) Acrobat.com Adobe AIR Adobe Flash Player 12 ActiveX Adobe Photoshop Elements 7.0 Adobe Reader 9.1 MUI Advertising Center ALPS Touch Pad Driver Atheros Client Installation Program Compatibility Pack for the 2007 Office system CyberLink PowerDVD 8 Google Update Helper HDAUDIO Soft Data Fax Modem with SmartCP Identity Card ImagXpress Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Matrix Storage Manager iSEEK AnswerWorks English Runtime Java 7 Update 51 Java Auto Updater Junk Mail filter update Launch Manager Magical Jelly Bean KeyFinder Malwarebytes Anti-Malware version 1.75.0.1300 Metaboli Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Works Mozilla Firefox 21.0 (x86 en-US) MSVC80_x64 MSVC80_x86 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml NVIDIA Drivers Packard Bell InfoCentre Packard Bell Power Management Packard Bell Recovery Management Packard Bell Updater pdfFactory Pro Photon Plus Quicken 2013 Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader RICOH Media Driver ver.2.07.01.02 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 RoboForm 7-9-2-2 (All Users) Security Update for 2007 Microsoft Office System (KB2288621) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Symantec Endpoint Protection Synaptics Pointing Device Driver TouchFreeze Trojan Remover 6.9.0 TrueCrypt TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Welcome Center WIDCOMM Bluetooth Software Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 21-Feb-14 4:44:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 21-Feb-14 4:44:02 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 21-Feb-14 4:44:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 21-Feb-14 4:43:43 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 21-Feb-14 4:43:39 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 21-Feb-14 4:42:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Photon Plus. OUC service to connect. 21-Feb-14 4:42:57 PM, Error: Service Control Manager [7000] - The Photon Plus. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 21-Feb-14 4:20:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 21-Feb-14 4:20:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 21-Feb-14 4:20:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 21-Feb-14 4:19:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 21-Feb-14 4:19:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 21-Feb-14 4:19:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 21-Feb-14 4:19:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 21-Feb-14 4:19:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 21-Feb-14 4:19:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC} DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SYMNETS SysPlant tdx Teefer2 truecrypt vwififlt Wanarpv6 WfpLwf ws2ifsl 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 21-Feb-14 4:19:15 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 21-Feb-14 4:15:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 21-Feb-14 4:15:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service. 21-Feb-14 4:14:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service. 21-Feb-14 4:14:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 21-Feb-14 4:13:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 21-Feb-14 4:13:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service. 21-Feb-14 4:13:09 PM, Error: Service Control Manager [7022] - The IP Helper service hung on starting. 21-Feb-14 4:12:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service. 21-Feb-14 4:12:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service. 21-Feb-14 4:01:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service. 21-Feb-14 4:01:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. 21-Feb-14 4:01:17 PM, Error: Service Control Manager [7022] - The Remote Access Connection Manager service hung on starting. . ==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16514 BrowserJavaVersion: 10.51.2 Run by Me at 16:56:22 on 2014-02-21 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2232 [GMT 5.5:30] . AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\ProgramData\DatacardService\HWDeviceService64.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\ProgramData\Photon Plus\Huawei\OnlineUpdate\ouc.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\ProgramData\DatacardService\DCSHelper.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\IPS\IPSBHO.dll BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll uRun: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: NameServer = 37.1.206.9 8.8.8.8 TCP: Interfaces\{2DD3D1B9-8CF4-42A1-87BA-9DED24A967DE} : DHCPNameServer = 37.1.206.9 8.8.8.8 TCP: Interfaces\{2DD3D1B9-8CF4-42A1-87BA-9DED24A967DE}\4556C656B6F6D6 : DHCPNameServer = 10.120.136.116 TCP: Interfaces\{2DD3D1B9-8CF4-42A1-87BA-9DED24A967DE}\84F6C6964616970294E6E6 : DHCPNameServer = 121.242.190.180 121.242.190.211 4.2.2.2 TCP: Interfaces\{2DD3D1B9-8CF4-42A1-87BA-9DED24A967DE}\9494D424D275946494 : DHCPNameServer = 192.168.103.2 202.56.230.6 192.168.103.18 202.138.101.3 TCP: Interfaces\{2DD3D1B9-8CF4-42A1-87BA-9DED24A967DE}\94E64756C60275962756C65637370244963707C61697 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{4F367B7E-92BA-483F-B69D-4C9A00EB6E02} : DHCPNameServer = 69.85.88.134 8.8.8.8 TCP: Interfaces\{A3E07A27-18D1-410C-883A-3F760F233982} : DHCPNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe x64-Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\bpt5tg9g.default\ FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-2 55856] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\SymDS64.sys [2013-5-25 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\SymEFA64.sys [2013-5-25 1139800] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx64.sys [2014-2-7 1526488] R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC};Symantec Endpoint Protection 12.1.3001.165.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [2013-5-25 169048] R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20140220.011\IDSviA64.sys [2014-2-21 521944] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.sys [2013-5-25 224416] R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\symnets.sys [2013-5-25 433752] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-11-6 844320] R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136] R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-15 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-15 701512] R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [2013-5-25 144368] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-12-4 14000] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-2 2320920] R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-11-6 240160] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-2-20 137648] R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-10-2 90112] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-15 25928] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-11-6 6952960] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Photon Plus. RunOuc;Photon Plus. OUC;C:\Program Files (x86)\Photon Plus\Huawei\UpdateDog\ouc.exe [2013-10-2 655712] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-11-6 52264] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-12-2 35104] S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-11-6 292864] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-10-2 117248] S3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-6 56344] S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-25 151936] S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-11-25 244736] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-6 320040] S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2008-5-7 23552] S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2008-5-7 18432] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-6 225280] S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SyDvCtrl64.sys [2013-5-25 34800] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-2 1255736] . =============== Created Last 30 ================ . 2014-02-21 04:06:32 -------- d-----w- C:\Windows\ERUNT 2014-02-20 18:43:50 -------- d-sh--w- C:\$RECYCLE.BIN 2014-02-20 17:48:00 98816 ----a-w- C:\Windows\sed.exe 2014-02-20 17:48:00 256000 ----a-w- C:\Windows\PEV.exe 2014-02-20 17:48:00 208896 ----a-w- C:\Windows\MBR.exe 2014-02-20 17:38:24 -------- d-----w- C:\ProgramData\Licenses 2014-02-20 17:36:24 -------- d-----w- C:\Users\Me\AppData\Roaming\Simply Super Software 2014-02-20 17:36:12 -------- d-----w- C:\ProgramData\Simply Super Software 2014-02-20 17:36:12 -------- d-----w- C:\Program Files (x86)\Trojan Remover 2014-02-20 16:47:44 -------- d-----w- C:\AdwCleaner 2014-02-20 14:21:00 -------- d-----w- C:\_OTL . ==================== Find3M ==================== . 2014-02-07 15:24:04 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-07 15:24:04 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-12-18 15:39:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll . ============= FINISH: 16:56:44.26 ===============

Greetings!! Since yesterday, MalwareBytes Anti-Malware Pro version is throwing up a message every few minutes - "Successfully Blocked access to a potentially malicious website: 37.1.206.9" Type: Outgoing, Port (changes) Process: svchost.exe This message pops every few mintues - even if browsers are not active (I use both IE and Firefox). I also have Symantec EndPoint protection (SEP) active - however that does not give any errors. In next 4 posting below, I am pasting the various logs - the programs were run post disconnection from Internet and with SEP turned off. Appreciate help. Regards Ed

Hello Jeff, It looks like the virus is gone - so far no more active scan notifications Appreciate all your support in solving this. Ed

Malwarebytes log post TFC run. Too early to tell if the virus is gone or not - will post again within 24 hours if virus free. Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.23.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Me :: C12754 [administrator] Protection: Enabled 25-01-2013 23:07:47 mbam-log-2013-01-25 (23-07-47).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Heuristics/Extra Objects scanned: 296386 Time elapsed: 2 hour(s), 4 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

This is what you wanted? SHA256: 66403205bc86d98b75f2449958f717f2f971fca0d33b0d211f03971484e9b567 SHA1: fdb99bdc4e7016132b9efcefb5bd4c7210958927 MD5: 5b8a2ba3138573583ff9e0158096ec48 File size: 174 bytes ( 174 bytes ) File name: desktop.ini File type: unknown Detection ratio: 0 / 45 Analysis date: 2013-01-23 23:48:49 UTC ( 1 day, 3 hours ago ) Agnitum - 20130123 AhnLab-V3 - 20130123 AntiVir - 20130123 Antiy-AVL - 20130123 Avast - 20130123 AVG - 20130123 BitDefender - 20130123 ByteHero - 20130123 CAT-QuickHeal - 20130123 ClamAV - 20130123 Commtouch - 20130123 Comodo - 20130123 DrWeb - 20130123 Emsisoft - 20130123 eSafe - 20130120 ESET-NOD32 - 20130123 F-Prot - 20130123 Fortinet - 20130123 GData - 20130124 Ikarus - 20130123 Jiangmin - 20121221 K7AntiVirus - 20130123 Kaspersky - 20130123 Kingsoft - 20130121 Malwarebytes - 20130123 McAfee - 20130123 McAfee-GW-Edition - 20130123 Microsoft - 20130123 MicroWorld-eScan - 20130123 NANO-Antivirus - 20130123 Norman - 20130123 nProtect - 20130123 Panda - 20130123 PCTools - 20130123 Rising - 20130123 Sophos - 20130123 SUPERAntiSpyware - 20130124 Symantec - 20130123 TheHacker - 20130124 TotalDefense - 20130123 TrendMicro - 20130123 TrendMicro-HouseCall - 20130123 VBA32 - 20130123 VIPRE - 20130123 ViRobot - 20130123