Kylekatarn10

  1. Excellent! I ran a full system scan with NIS and it no longer detects a rootkit. Just in the nick of time, too, because I'm flying back to school today. Thank you very much for your help; saved me a lot of time and frustration. Much appreciated.
  2. Status: Deleted (events: 1)
     1/18/2013 5:04:35 PM Deleted Trojan program Exploit.JS.RealPlr.am C:\Documents and Settings\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2XA74KDP\urchin[1].js High
     Status: Will be deleted when the computer is restarted (events: 2)
     1/18/2013 5:04:41 PM Will be deleted when the computer is restarted Trojan program Exploit.JS.RealPlr.am C:\Documents and Settings\Guest\AppData\Local\Temporary Internet Files\Low\Content.IE5\2XA74KDP\urchin[1].js High
     1/18/2013 5:04:45 PM Will be deleted when the computer is restarted Trojan program Exploit.JS.RealPlr.am C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Low\Content.IE5\2XA74KDP\urchin[1].js High
     Status: Absent (events: 1)
     1/18/2013 10:56:16 PM Not found Trojan program Exploit.JS.RealPlr.am C:\Documents and Settings\Guest\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2XA74KDP\urchin[1].js High
     Status: Disinfected (events: 1)
     1/18/2013 10:52:20 PM Disinfected virus Virus.Win32.TDSS.b C:\Qoobox\Quarantine\C\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys.vir High
  3. ComboFix 13-01-16.01 - Kevin 01/18/2013 9:59.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1565 [GMT -8:00] Running from: c:\users\Kevin\Downloads\ComboFix.exe Command switches used :: c:\users\Kevin\Downloads\CFScript.txt
  4. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=8
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6889
     # api_version=3.0.2
     # EOSSerial=c6edd19ea3aa4047a69f30d576161361
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2013-01-18 07:24:05
     # local_time=2013-01-17 11:24:05 (-0800, Pacific Standard Time)
     # country="United States"
     # lang=1033
     # osver=6.0.6002 NT Service Pack 2
     # compatibility_mode=3591 16777213 100 94 0 121000430 0 0
     # compatibility_mode=5892 16776574 100 100 102556964 195101373 0 0
     # scanned=450282
     # found=1
     # cleaned=0
     # scan_time=23754
     C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys Win32/Olmarik.ZC trojan 13B985C6C789DAC7C6288340F38E895E2713F177 I

     I'm glad it found the source of the problem; unfortunately it looks like it was unable to remove it. This is the same file that Norton has been saying is infected during my Full System Scans.
  5. ComboFix 13-01-16.01 - Kevin 01/16/2013 15:04:37.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1710 [GMT -8:00] Running from: c:\users\Kevin\Downloads\ComboFix.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-12 02:26 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 01:21] . 2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 05:04] . 2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 05:04] . 2013-01-13 c:\windows\Tasks\Norton Security Scan for Kevin.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-21 17:06] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . 
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe HKCU-Run-sbitunesagent - c:\program files\Songbird\songbirditunesagent.exe HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe AddRemove-SoftwareUpdUtility - c:\program files\Common Files\Software Update Utility\uninstall.exe AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe AddRemove-{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1 - c:\program files\PrivacySafeGuard\unins000.exe AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-16 15:38 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2446573200-3105183575-2128207625-1001\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:78,5d,b5,bf,e2,b3,bb,e8,fd,23,97,e8,05,64,82,cd,47,db,a6,b5,16,a4,e0, 66,d9,49,f7,17,fb,fa,71,ad,01,2c,82,4a,bf,45,53,da,1a,d2,52,5e,52,47,61,db,\ "??"=hex:03,44,23,4f,85,b5,77,a1,4a,6c,d2,0d,48,7b,fc,c9 . [HKEY_USERS\S-1-5-21-2446573200-3105183575-2128207625-1001\Software\SecuROM\License information*] "datasecu"=hex:63,27,50,35,3f,34,95,2d,75,d0,a7,dc,0b,f5,0a,19,76,2c,ab,79,85, 65,a4,dc,a0,7f,0f,09,e5,8c,4d,78,89,98,ec,0f,a0,3b,d5,62,38,51,a5,b5,95,ef,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3100) c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\windows\ehome\ehmsas.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2013-01-16 15:49:10 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-16 23:48
.
Pre-Run: 43,722,588,160 bytes free
Post-Run: 48,559,804,416 bytes free
.
- - End Of File - - 9019FED76D1386290E4DE94B8E738B53

I should point out that when ComboFix restarted my computer, Windows initiated a disk check for consistency (from being manually shut down the other day) and displayed these two messages after the disk check: "Recovered orphaned file AUTOPA~2.EXE" and "Recovered orphaned file autopatcherx.exe". Not sure if it means anything, but since I know ComboFix deleted some files I decided to mention it in case they turned out to be recovered malware.
  6. When I attempt to start my computer in Safe Mode it pauses at crcdisk.sys and says "Please Wait...". I've left it sitting there for about 20 minutes and it makes no progress.
  7. Darn. So, I followed your instructions until I used the Malwarebytes Anti-Rootkit program. It crashed and caused my computer to become completely unresponsive twice, both times after discovering 19 malware items at different points in each scan. Anyway, here are the JRT log and fresh DDS logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows Vista Home Premium x86
Ran by Kevin on Sun 01/13/2013 at 16:27:21.49
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] viewpoint manager service
Successfully deleted: [service] viewpoint manager service

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2446573200-3105183575-2128207625-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_classes_root\f
Successfully deleted: [Registry Key] hkey_classes_root\funmoods.dskbnd
Successfully deleted: [Registry Key] hkey_classes_root\funmoods.dskbnd.1
Successfully deleted: [Registry Key] hkey_classes_root\funmoods.funmoodshlpr
Successfully deleted: [Registry Key] hkey_classes_root\funmoods.funmoodshlpr.1
Successfully deleted: [Registry Key] hkey_classes_root\funmoodsapp.appcore
Successfully deleted: [Registry Key] hkey_classes_root\funmoodsapp.appcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\dnu.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdate
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2790392
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{1036ad63-aeac-460b-9060-c96005d4dc86}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{965b9dbe-b104-44ac-950a-8a5f97aff439}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a9db719c-7156-415e-b49d-bad039de4f13}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f03fd9d0-4f2b-497c-8a71-dd41d70b07d9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}
Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar"

~~~ Files

Successfully deleted: [File] "C:\Users\Kevin\appdata\local\funmoods.crx"
Successfully deleted: [File] "C:\Users\Kevin\appdata\local\funmoods-speeddial.crx"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Kevin\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\Kevin\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Kevin\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Kevin\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduitengine"
Successfully deleted: [Folder] "C:\Program Files\privacysafeguard"
Successfully deleted: [Folder] "C:\Program Files\trymedia"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"
Successfully deleted: [Folder] "C:\Users\Kevin\appdata\locallow\asktoolbar"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Kevin\appdata\local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\geggofhlfbcmanadhknllmlajiafopoh

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/13/2013 at 16:29:54.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Kevin at 17:19:08 on 2013-01-13
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Kevin\AppData\Roaming\Spotify\spotify.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\coieplg.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [steam] "c:\program files\steam\Steam.exe" -silent
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [sbitunesagent] c:\program files\songbird\songbirditunesagent.exe
uRun: [Hole plus] "c:\programdata\ticksetupsetup.1fngd7q"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [spotify Web Helper] "c:\users\kevin\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [spotify] "c:\users\kevin\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{39C7A135-16F8-45FC-9816-A71F882A2504} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R? BHDrvx86;BHDrvx86
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DAUpdaterSvc;Dragon Age: Origins - Content Updater
R? DQLWinService;DQLWinService
R? EagleXNt;EagleXNt
R? idrmkl;idrmkl
R? iusbohci;iusbohci
R? Lbd;Lbd
R? NPF;NetGroup Packet Filter Driver
R? npkycryp;npkycryp
R? SkypeUpdate;Skype Updater
R? SymIRON;Symantec Iron Driver
R? SYMNDISV;Symantec Network Filter Driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? ccSet_NIS;Norton Internet Security Settings Manager
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM)
S? FontCache;Windows Font Cache Service
S? IDSVix86;IDSVix86
S? IntelDH;IntelDH Driver
S? MCLServiceATL;Intel® Application Tracker
S? NIS;Norton Internet Security
S? nmsgopro;GoProto Protocol Driver for NMS
S? nmsunidr;UniDriver for NMS
S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SYMTDIv;Symantec Vista Network Dispatch Driver
.
=============== Created Last 30 ================
.
2013-01-14 00:27:15 -------- d-----w- c:\windows\ERUNT
2013-01-14 00:27:08 -------- d-----w- C:\JRT
2013-01-13 09:45:47 -------- d-----w- c:\users\kevin\appdata\roaming\Malwarebytes
2013-01-13 09:45:30 -------- d-----w- c:\programdata\Malwarebytes
2013-01-13 09:45:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-13 09:45:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-12 04:42:23 350368 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symtdiv.sys
2013-01-12 04:42:22 927904 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symefa.sys
2013-01-12 04:42:22 368288 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symds.sys
2013-01-12 04:42:22 338592 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symnets.sys
2013-01-12 04:42:22 32888 ----a-r- c:\windows\system32\drivers\nis\1402000.013\srtspx.sys
2013-01-12 04:42:22 21400 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symelam.sys
2013-01-12 04:42:21 586400 ----a-w- c:\windows\system32\drivers\nis\1402000.013\srtsp.sys
2013-01-12 04:42:21 175264 ----a-r- c:\windows\system32\drivers\nis\1402000.013\ironx86.sys
2013-01-12 04:42:21 134304 ----a-w- c:\windows\system32\drivers\nis\1402000.013\ccsetx86.sys
2013-01-12 04:40:54 9103 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symvtcer.dat
2013-01-12 04:40:54 -------- d-----w- c:\windows\system32\drivers\nis\1402000.013
2013-01-10 07:34:52 -------- d-----r- c:\program files\Skype
2013-01-09 08:23:41 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 08:23:41 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 08:23:40 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-23 17:22:17 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-23 17:22:07 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-23 17:22:07 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-23 17:22:07 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-23 17:22:06 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-23 17:22:06 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-23 17:22:05 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-23 17:22:05 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-23 17:22:04 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-23 17:22:04 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-23 17:22:04 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-23 17:13:18 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-23 17:13:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-23 15:52:29 75776 ----a-w- c:\windows\system32\synceng.dll
2012-12-23 15:52:28 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-12-23 15:52:28 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-23 15:52:28 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-23 15:52:27 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-12-23 15:52:27 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-12-23 15:52:23 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-23 15:52:21 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-12-23 15:52:15 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-23 15:52:02 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-12-23 15:52:02 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-12-23 15:32:06 -------- d-sh--w- C:\found.001
2012-12-18 20:07:11 106240 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-12-18 20:07:11 106240 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-01-12 04:46:24 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-01-09 01:21:44 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 01:21:44 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2009-01-23 21:03:00 417792 ----a-w- c:\program files\BNUpdate.exe
2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditPTB.loc
2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditITA.loc
2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditFRA.loc
2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditESP.loc
2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditENU.loc
2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditDEU.loc
2009-01-10 07:57:42 557310 ----a-w- c:\program files\battle.snp
2009-01-10 07:57:42 409600 ----a-w- c:\program files\storm.dll
2009-01-10 07:57:42 127767 ----a-w- c:\program files\standard.snp
2009-01-10 07:57:42 1220608 ----a-w- c:\program files\StarCraft.exe
2008-12-20 06:33:26 125440 ----a-w- c:\program files\iccwc3.icc
2008-12-20 06:01:32 327680 ----a-w- c:\program files\Launcher.exe
2008-12-20 06:01:30 128512 ----a-w- c:\program files\iccscbn.icc
2008-12-19 07:46:50 24064 ----a-w- c:\program files\w3lh.dll
2008-12-07 10:07:38 691545 ----a-w- c:\program files\unins000.exe
2008-09-17 05:31:06 642560 ----a-w- c:\program files\Chaosplugin.bwl
2007-09-13 07:19:36 95232 ----a-w- c:\program files\Smackw32.dll
2007-09-13 07:19:36 662474 ----a-w- c:\program files\InstCC.exe
2007-09-13 07:19:36 315392 ----a-w- c:\program files\Riched20.dll
2007-09-13 07:19:36 150528 ----a-w- c:\program files\SEditPTG.loc
2007-08-21 10:21:08 53248 ----a-w- c:\program files\nocd1151.bwl
2007-05-18 04:51:58 1016320 ----a-w- c:\program files\StarEdit.exe
.
============= FINISH: 17:25:01.79 ===============

DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/1/2007 9:46:38 AM
System Uptime: 1/13/2013 5:14:31 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG855
Processor: Intel® Core2 CPU 6600 @ 2.40GHz | Microprocessor | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 41.033 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.6 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® 82566DC Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_104B&SUBSYS_01DB1028&REV_02\3&172E68DD&1&C8
Manufacturer: Intel
Name: Intel® 82566DC Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_104B&SUBSYS_01DB1028&REV_02\3&172E68DD&1&C8
Service: e1express
.
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: A738UC83 IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: A738UC83 IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: aid6b9up
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.3 Adobe Shockwave Player 11.5 Age of Mythology Age of Mythology - The Titans Expansion AIM 7 APC PowerChute Personal Edition Apple Application Support Apple Mobile Device Support Apple Software Update Audiosurf Bandisoft MPEG-1 Decoder BioWare Premium Module: Neverwinter Nights Kingmaker Bonjour Bridge From Special K BufferChm Call of Duty® 4 - Modern Warfare 1.4 Patch Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch Company of Heroes Conexant D850 PCI V.92 Modem Counter-Strike: Source CustomerResearchQFolder D1400 D1400_Help D3DX10 DellConnect DellSupport Deus Ex: Game of the Year Edition DeviceManagementQFolder Diablo II Digital Line Detect DivX Setup dj_sf_ProductContext dj_sf_software dj_sf_software_req Documentation & Support Launcher DOOM 3 DOOM II: Hell on Earth Download Updater (AOL LLC) EarthLink Setup Files eSupportQFolder Finale PrintMusic 2007 Games, Music, & Photos Launcher GOM Player GOMTV Streamer Google Chrome Google Earth Google Update Helper Half-Life Half-Life 2 Half-Life 2: Lost Coast Half-Life: Blue Shift Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Customer Participation Program 8.0 HP Deskjet 8.0 Software HP Imaging Device Functions 8.0 HP Photosmart Essential HP Solution Center 8.0 HPProductAssistant HPSSupply iCloud Intel® Matrix Storage Manager Intel® Viiv Software Interlok driver setup x32 iTunes Java 7 Update 7 Java Auto Updater Java DB 10.5.3.0 Java SE Development Kit 6 Update 22 JavaFX 2.1.1 Jeopardy! 
2003 Last.fm 1.5.4.27091 LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) LucasArts' Jedi Knight LucasArts' Mysteries of the Sith Malwarebytes Anti-Malware version 1.70.0.1100 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft AppLocale Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Windows Application Compatibility Database Microsoft WSE 3.0 Runtime Microsoft XNA Framework 
Redistributable 4.0 MobileMe Control Panel Modem Diagnostic Tool Morrowind: Game of the Year Move Networks Media Player for Internet Explorer MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4 Parser NetBeans IDE 6.9.1 NetWaiting NetZeroInstallers Nexon Game Manager Norton Internet Security Norton Security Scan NVIDIA 3D Vision Driver 306.97 NVIDIA Control Panel 306.97 NVIDIA Graphics Driver 306.97 NVIDIA Install Application NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OGA Notifier 2.0.0048.0 OpenAL Opposing Force Oregon Trail II Origin Pando Media Booster Penumbra Privacy SafeGuard version 1.1 Quake QuickTime Rosetta Stone Version 3 Roxio Creator Audio Roxio Creator BDAV Plugin Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler Roxio MyDVD DE Roxio Update Manager Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Segoe UI 
Sid Meier's Civilization IV SigmaTel Audio Skype™ 6.0 SolutionCenter Sonic Activation Module Source Dedicated Server Source SDK Base - Orange Box Spotify Star Wars Jedi Knight Jedi Academy Star Wars JK II Jedi Outcast Star Wars® Knights of the Old Republic® II: The Sith Lords Star Wars: Knights of the Old Republic StarCraft II Status Steam Super Meat Boy SWAT 4 System Requirements Lab Team Fortress Classic Terraria The Sims™ 3 The Sims™ 3 Late Night The Ultimate DOOM Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) URL Assistant User's Guides VC80CRTRedist - 8.0.50727.6195 Ventrilo Client Virtual Audio Cable 4.9 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Warcraft III Warcraft III: All Products WebReg Winamp Winamp Detector Plug-in Winamp Essentials Pack Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Movie Maker Windows Live Photo Common Windows 
Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR archiver Yahoo! Messenger Yahoo! Software Update . ==== End Of File ===========================
  8. Thanks for the quick reply. I would prefer not to re-format the entire machine, so a cleanup would be preferable. How would I go about doing this?
  9. Hi, I have had a Backdoor Tidserv!inf on my computer. My anti-virus, Norton Internet Security, was unable to remove it, so after trying a couple of related Norton extensions such as Power-Eraser and the Tidserv removal tool I downloaded Malwarebytes. After performing a quick scan and detecting a number of threats such as trojans, etc., Malwarebytes successfully removed them and prompted me to restart my PC. After restarting I ran another quick scan; however, this time it crashed. I have attempted 3 or 4 more quick scans since then, but every time Malwarebytes crashes and my computer becomes unresponsive. Per instructions, here are the DDS logs:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Kevin at 13:24:41 on 2013-01-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1549 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\SLsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Intel\IntelDH\CCU\AlertService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Sidebar\sidebar.exe 
C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Windows\system32\msiexec.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Skype\Phone\Skype.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCtB0AyCtBtD0C0AtA0B0AtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1085946328 uWindow Title = Internet Explorer provided by Dell mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCtB0AyCtBtD0C0AtA0B0AtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1085946328 mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\ips\ipsbho.dll BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - c:\program 
files\privacysafeguard\PrivacySafeGuard.dll BHO: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\coieplg.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [steam] "c:\program files\steam\Steam.exe" -silent uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent uRun: [sbitunesagent] c:\program files\songbird\songbirditunesagent.exe uRun: [Hole plus] "c:\programdata\ticksetupsetup.1fngd7q" uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe uRun: [spotify Web Helper] "c:\users\kevin\appdata\roaming\spotify\data\SpotifyWebHelper.exe" uRun: [spotify] "c:\users\kevin\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun mRun: [Windows Defender] c:\program files\windows 
defender\MSASCui.exe -hide mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler StartupFolder: c:\users\kevin\appdata\roaming\micros~1\windows\startm~1\programs\startup\lastfm~1.lnk - c:\program files\last.fm\LastFMHelper.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab 
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{39C7A135-16F8-45FC-9816-A71F882A2504} : DHCPNameServer = 192.168.0.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ============= SERVICES / DRIVERS =============== . 
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1402000.013\symds.sys [2013-1-11 368288] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1402000.013\symefa.sys [2013-1-11 927904] R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1402000.013\ccsetx86.sys [2013-1-11 134304] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\ipsdefs\20130111.002\IDSvix86.sys [2013-1-11 386720] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1402000.013\symtdiv.sys [2013-1-11 350368] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-23 21504] R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552] R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\20.2.0.19\ccsvchst.exe [2013-1-11 143928] R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672] R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824] R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2008-12-6 50944] R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-2-1 5504] S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\bashdefs\20130107.001\BHDrvx86.sys [2012-11-29 995488] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1402000.013\ironx86.sys [2013-1-11 175264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 
130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe --> c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?] S3 idrmkl;idrmkl;c:\users\kevin\appdata\local\temp\idrmkl.sys [2011-8-26 29696] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-13 40776] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-29 24652] . =============== Created Last 30 ================ . 
2013-01-13 10:08:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-01-13 09:45:47 -------- d-----w- c:\users\kevin\appdata\roaming\Malwarebytes 2013-01-13 09:45:30 -------- d-----w- c:\programdata\Malwarebytes 2013-01-13 09:45:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-13 09:45:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-12 04:42:23 350368 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symtdiv.sys 2013-01-12 04:42:22 927904 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symefa.sys 2013-01-12 04:42:22 368288 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symds.sys 2013-01-12 04:42:22 338592 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symnets.sys 2013-01-12 04:42:22 32888 ----a-r- c:\windows\system32\drivers\nis\1402000.013\srtspx.sys 2013-01-12 04:42:22 21400 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symelam.sys 2013-01-12 04:42:21 586400 ----a-w- c:\windows\system32\drivers\nis\1402000.013\srtsp.sys 2013-01-12 04:42:21 175264 ----a-r- c:\windows\system32\drivers\nis\1402000.013\ironx86.sys 2013-01-12 04:42:21 134304 ----a-w- c:\windows\system32\drivers\nis\1402000.013\ccsetx86.sys 2013-01-12 04:40:54 9103 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symvtcer.dat 2013-01-12 04:40:54 -------- d-----w- c:\windows\system32\drivers\nis\1402000.013 2013-01-10 07:34:52 -------- d-----r- c:\program files\Skype 2013-01-09 08:23:41 204288 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 08:23:41 1400832 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 08:23:40 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-12-23 17:22:17 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-23 17:22:07 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-23 17:22:07 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-23 17:22:07 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-23 17:22:06 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-23 
17:22:06 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-23 17:22:05 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-23 17:22:05 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-23 17:22:04 613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-23 17:22:04 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-23 17:22:04 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-23 17:13:18 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-23 17:13:17 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-23 15:52:29 75776 ----a-w- c:\windows\system32\synceng.dll 2012-12-23 15:52:28 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-12-23 15:52:28 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-23 15:52:28 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-23 15:52:27 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-12-23 15:52:27 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-12-23 15:52:23 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-23 15:52:21 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-12-23 15:52:15 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-23 15:52:02 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-12-23 15:52:02 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-12-23 15:32:06 -------- d-sh--w- C:\found.001 2012-12-18 20:07:11 106240 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2012-12-18 20:07:11 106240 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll . ==================== Find3M ==================== . 
2013-01-12 04:46:24 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2013-01-09 01:21:44 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-09 01:21:44 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2009-01-23 21:03:00 417792 ----a-w- c:\program files\BNUpdate.exe 2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditPTB.loc 2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditITA.loc 2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditFRA.loc 2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditESP.loc 2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditENU.loc 2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditDEU.loc 2009-01-10 07:57:42 557310 ----a-w- c:\program files\battle.snp 2009-01-10 07:57:42 409600 ----a-w- c:\program files\storm.dll 2009-01-10 07:57:42 127767 ----a-w- c:\program files\standard.snp 2009-01-10 07:57:42 1220608 ----a-w- c:\program files\StarCraft.exe 2008-12-20 06:33:26 125440 ----a-w- c:\program files\iccwc3.icc 2008-12-20 06:01:32 327680 ----a-w- c:\program files\Launcher.exe 2008-12-20 06:01:30 128512 ----a-w- c:\program files\iccscbn.icc 2008-12-19 07:46:50 24064 ----a-w- c:\program files\w3lh.dll 2008-12-07 10:07:38 691545 ----a-w- c:\program files\unins000.exe 2008-09-17 05:31:06 642560 ----a-w- c:\program files\Chaosplugin.bwl 2007-09-13 07:19:36 95232 ----a-w- c:\program files\Smackw32.dll 2007-09-13 07:19:36 662474 ----a-w- c:\program files\InstCC.exe 2007-09-13 07:19:36 315392 ----a-w- c:\program files\Riched20.dll 2007-09-13 07:19:36 150528 ----a-w- c:\program 
files\SEditPTG.loc
2007-08-21 10:21:08 53248 ----a-w- c:\program files\nocd1151.bwl
2007-05-18 04:51:58 1016320 ----a-w- c:\program files\StarEdit.exe
.
============= FINISH: 13:27:04.46 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/1/2007 9:46:38 AM
System Uptime: 1/13/2013 1:10:07 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG855
Processor: Intel® Core2 CPU 6600 @ 2.40GHz | Microprocessor | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 42.91 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.6 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: A738UC83 IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: A738UC83 IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: a48achfq
.
==== System Restore Points ===================
.
RP2681: 1/12/2013 10:03:20 PM - Norton_Power_Eraser_20130112220320601
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.3 Adobe Shockwave Player 11.5 Age of Mythology Age of Mythology - The Titans Expansion AIM 7 APC PowerChute Personal Edition Apple Application Support Apple Mobile Device Support Apple Software Update Ask Toolbar Audiosurf Bandisoft MPEG-1 Decoder BioWare Premium Module: Neverwinter Nights Kingmaker BitTorrent BitTorrent 6.0 Bonjour Bridge From Special K BufferChm Call of Duty® 4 - Modern Warfare 1.4 Patch Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch Company of Heroes Conduit Engine Conexant D850 PCI V.92 Modem Counter-Strike: Source CustomerResearchQFolder D1400 D1400_Help D3DX10 DellConnect DellSupport Deus Ex: Game of the Year Edition DeviceManagementQFolder Diablo II Digital Line Detect DivX Setup dj_sf_ProductContext dj_sf_software dj_sf_software_req Documentation & Support Launcher DOOM 3 DOOM II: Hell on Earth Download Updater (AOL LLC) EarthLink Setup Files eSupportQFolder Finale PrintMusic 2007 Games, Music, & Photos Launcher GOM Player GOMTV Streamer Google Chrome Google Earth Google Update Helper Half-Life Half-Life 2 Half-Life 2: Lost Coast Half-Life: Blue Shift Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Customer Participation Program 8.0 HP Deskjet 8.0 Software HP Imaging Device Functions 8.0 HP Photosmart Essential HP Solution Center 8.0 HPProductAssistant HPSSupply iCloud Intel® Matrix Storage Manager Intel® Viiv Software Interlok driver setup x32 iTunes Java 7 Update 7 Java Auto Updater Java DB 10.5.3.0 Java SE Development Kit 6 Update 22 JavaFX 2.1.1 Jeopardy! 
2003 Last.fm 1.5.4.27091 LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) LucasArts' Jedi Knight LucasArts' Mysteries of the Sith Malwarebytes Anti-Malware version 1.70.0.1100 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft AppLocale Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Windows Application Compatibility Database Microsoft WSE 3.0 Runtime Microsoft XNA Framework 
Redistributable 4.0 MobileMe Control Panel Modem Diagnostic Tool Morrowind: Game of the Year Move Networks Media Player for Internet Explorer MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4 Parser NetBeans IDE 6.9.1 NetWaiting NetZeroInstallers Nexon Game Manager Norton Internet Security Norton Security Scan NVIDIA 3D Vision Driver 306.97 NVIDIA Control Panel 306.97 NVIDIA Graphics Driver 306.97 NVIDIA Install Application NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OGA Notifier 2.0.0048.0 OpenAL Opposing Force Oregon Trail II Origin Pando Media Booster Penumbra Privacy SafeGuard version 1.1 Quake QuickTime Rosetta Stone Version 3 Roxio Creator Audio Roxio Creator BDAV Plugin Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler Roxio MyDVD DE Roxio Update Manager Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Segoe UI 
Sid Meier's Civilization IV SigmaTel Audio Skype™ 6.0 SolutionCenter Sonic Activation Module Source Dedicated Server Source SDK Base - Orange Box Spotify Star Wars Jedi Knight Jedi Academy Star Wars JK II Jedi Outcast Star Wars® Knights of the Old Republic® II: The Sith Lords Star Wars: Knights of the Old Republic StarCraft II Status Steam Super Meat Boy SWAT 4 System Requirements Lab Team Fortress Classic Terraria The Sims™ 3 The Sims™ 3 Late Night The Ultimate DOOM Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) URL Assistant User's Guides VC80CRTRedist - 8.0.50727.6195 Ventrilo Client Viewpoint Media Player Virtual Audio Cable 4.9 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Warcraft III Warcraft III: All Products WebReg Winamp Winamp Detector Plug-in Winamp Essentials Pack Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Movie Maker Windows Live 
Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR archiver Yahoo! Messenger Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
1/13/2013 2:25:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/13/2013 2:25:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/13/2013 2:25:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_NIS DfsC eeCtrl IDSVix86 Lbd NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd SRTSPX SymIRON SYMTDIv tdx Wanarpv6
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 2:25:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/13/2013 2:25:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/13/2013 2:25:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/13/2013 2:24:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/13/2013 2:24:25 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
1/13/2013 2:24:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
1/13/2013 2:24:23 AM, Error: EventLog [6008] - The previous system shutdown at 2:13:45 AM on 1/13/2013 was unexpected.
1/13/2013 2:23:42 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
1/13/2013 2:11:30 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/13/2013 2:07:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd Smb
1/13/2013 12:27:15 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
1/13/2013 12:27:15 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
1/13/2013 12:19:39 PM, Error: EventLog [6008] - The previous system shutdown at 2:34:53 AM on 1/13/2013 was unexpected.
1/13/2013 1:12:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 Lbd Smb SymIRON
1/13/2013 1:12:07 PM, Error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Access is denied.
1/13/2013 1:12:07 PM, Error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
1/13/2013 1:11:16 PM, Error: EventLog [6008] - The previous system shutdown at 12:27:30 PM on 1/13/2013 was unexpected.
.
==== End Of File ===========================
Thanks in advance!
  10. Hi, I have had a Backdoor Tidserv!inf on my computer. My anti-virus, Norton Internet Security, was unable to remove it, so after trying a couple of related Norton extensions such as Power-Eraser and the Tidserv removal tool, I downloaded Malwarebytes. After performing a quick scan and detecting a number of threats such as trojans, etc., Malwarebytes successfully removed them and prompted me to restart my PC. After restarting I ran another quick scan; however, this time it crashed. I have attempted 3 or 4 more quick scans since then, but every time Malwarebytes crashes and my computer becomes unresponsive. Any help would be appreciated, because this is really beginning to bug me.