cheryl0029

Members
  • Content count

    12
  • Joined

  • Last visited

About cheryl0029

  • Rank
    New Member
  1. Thank you so much for your time and help MrC! Not only did you help me make sure that my computer no longer had the redirect virus, but you also cleaned my computer too.

  2. Thank you very much for your help.
  3. When I was deleting the Java™ 6 Update 31 I found that there was Java 6 Update 18 (64-bit) and JavaFX 2.1.1. Should I delete the Java 6 Update 18(64-bit) or keep it?
  4. Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 JavaFX 2.1.1 Java 6 Update 31 Java 7 Update 10 Java version out of Date! Adobe Reader 10.1.5 Adobe Reader out of Date! Google Chrome 23.0.1271.97 Google Chrome 24.0.1312.52 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
  5. The computer seems to be running fine. I downloaded the SecurityCheck.exe and ran it. The checkup.txt said "unsupported operating system! Aborted!"
  6. JRT.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.5.0 (01.23.2013:2) OS: Windows 7 Home Premium x64 Ran by Owner on Wed 01/23/2013 at 18:40:04.33 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\coupon companion plugin" ~~~ Chrome Dumping contents of C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aagfdddggdgbgfdfgcgcdjgfdedidbgf C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aagfdddggdgbgfdfgcgcdjgfdedidbgf\background.js C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aagfdddggdgbgfdfgcgcdjgfdedidbgf\ContentScript.js C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aagfdddggdgbgfdfgcgcdjgfdedidbgf\manifest.json Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 01/23/2013 at 18:49:57.91 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. AdwCleaner[s1].txt # AdwCleaner v2.107 - Logfile created 01/23/2013 at 18:32:18 # Updated 21/01/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Owner - OWNER-PC # Boot Mode : Normal # Running from : C:\Users\Owner\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility Folder Deleted : C:\ProgramData\WeCareReminder Folder Deleted : C:\Users\Owner\AppData\Local\Conduit Folder Deleted : C:\Users\Owner\AppData\Local\Wajam Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Headlight Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Google Chrome v24.0.1312.52 File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [3030 octets] - [23/01/2013 18:19:18] AdwCleaner[s1].txt - [3053 octets] - [23/01/2013 18:32:18] ########## EOF - C:\AdwCleaner[s1].txt - [3113 octets] ##########
  8. TDSSKiller.2.8.15.0_21.01.2013_20.13.19_log.zip
  9. RKreport RogueKiller V8.4.3 [Jan 21 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Owner [Admin rights] Mode : Scan -- Date : 01/21/2013 15:02:36 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{EC334FBB-55C1-4D24-B068-F65AD944D6A6} : NameServer (0.0.0.0) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{EC334FBB-55C1-4D24-B068-F65AD944D6A6} : NameServer (0.0.0.0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS725050A9A364 ATA Device +++++ --- User --- [MBR] 527f7cb2cde60e1cc54db49c36256481 [bSP] 4dfe940696147ca91d91a77060e1c8c2 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 10000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20686848 | Size: 466838 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01212013_02d1502.txt >> RKreport[1]_S_01212013_02d1502.txt
  10. DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1 Run by Owner at 14:47:03 on 2013-01-21 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1534 [GMT -8:00] . AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\Pen_Tablet.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Windows\system32\WTablet\Pen_TabletUser.exe C:\Windows\system32\Pen_Tablet.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\StikyNot.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\wuauclt.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\notepad.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Bar = Preserve uURLSearchHooks: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - <orphaned> uURLSearchHooks: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: MRI_DISABLED - <orphaned> BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe uRun: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://anyconnect.ucr.edu/CACHE/stc/6/binaries/vpnweb.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab TCP: NameServer = 138.23.146.213 138.23.201.101 TCP: Interfaces\{5BB74B8A-2EF1-4631-BF95-D240FBCF5ABA}\34F6D666F627470294E6E6 : DHCPNameServer = 8.8.4.4 68.94.157.1 8.8.8.8 TCP: Interfaces\{5BB74B8A-2EF1-4631-BF95-D240FBCF5ABA}\83733383 : DHCPNameServer = 10.248.8.37 10.8.21.34 TCP: Interfaces\{5BB74B8A-2EF1-4631-BF95-D240FBCF5ABA}\C41405C4D2055726C69636 : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{5BB74B8A-2EF1-4631-BF95-D240FBCF5ABA}\C49626271627977457563747 : DHCPNameServer = 138.23.146.213 138.23.201.101 TCP: Interfaces\{5BB74B8A-2EF1-4631-BF95-D240FBCF5ABA}\E4544574541425 : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{9BE1DCA7-EA50-49D0-B2CF-7D9B9EAE8FD1} : DHCPNameServer = 138.23.146.213 138.23.201.101 TCP: Interfaces\{EC334FBB-55C1-4D24-B068-F65AD944D6A6} : NameServer = 0.0.0.0 TCP: Interfaces\{FD9895A5-A7D4-447E-923A-9CB001667FC4} : DHCPNameServer = 192.168.42.129 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-2 55280] R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2010-6-2 18792] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54104] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-6-2 60928] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-20 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-20 682344] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-7-24 3589416] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-2 2320920] R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-6-7 478712] R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2009-7-23 23912] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-6-2 172704] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-16 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-10 158720] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-1-7 271872] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29528] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-20 24176] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-3 349800] R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-5 39832] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-6-7 107432] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-6-2 35104] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664] S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-7-16 220672] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-13 57856] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-7-24 18216] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-14 1255736] S4 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\DELL\DellComms\bin\sprtsvc.exe [2009-5-5 206064] . =============== Created Last 30 ================ . 2013-01-21 04:49:52 -------- d-----w- C:\Users\Owner\AppData\Local\{DC6EC573-A5F9-4AAE-A48B-F643B032E9D9} 2013-01-21 04:10:26 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-01-21 04:10:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-01-20 02:44:57 -------- d-----w- C:\Users\Owner\AppData\Local\{D8CAA81A-D4F4-4C5E-8A48-F280DF08B39E} 2013-01-19 06:18:12 -------- d-----w- C:\Users\Owner\AppData\Local\{31ECED32-EE1F-4B9E-BE20-C8074A9DA0A6} 2013-01-18 22:20:26 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD2D0D54-CB77-44C9-A394-3C868371CEBA}\mpengine.dll 2013-01-14 03:45:21 -------- d-----w- C:\Users\Owner\AppData\Local\{6ADEAFC2-2817-41C8-97B5-FFCE511DE827} 2013-01-13 02:53:09 -------- d-----w- C:\Users\Owner\AppData\Local\{38DA912D-ECC5-4D3E-8CD8-4DA14BCF7E5E} 2013-01-12 02:28:01 -------- d-----w- C:\Users\Owner\AppData\Local\{DC966939-B833-4D47-AB5F-7FE511EF467C} 2013-01-09 20:42:00 750592 ----a-w- C:\Windows\System32\win32spl.dll 2013-01-09 20:42:00 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-01-09 20:40:53 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-01-06 02:39:57 -------- d-----w- C:\Users\Owner\AppData\Local\{F9517A85-7CCC-4C7F-8530-2859E0ADB7D2} 2013-01-05 03:54:31 -------- d-----w- C:\Users\Owner\AppData\Local\{77A28E98-3486-4931-A170-A22CE415C812} 2013-01-04 02:57:14 -------- d-----w- C:\Users\Owner\AppData\Local\{D9565F13-9D64-45FB-B042-D4DCA6611888} 2013-01-03 03:31:46 -------- d-----w- C:\Users\Owner\AppData\Local\{D1F8E538-0B70-454B-ABD4-4D6DB4DA2E3B} 2013-01-02 01:55:13 -------- d-----w- C:\Users\Owner\AppData\Local\{3813776D-DE95-47BA-926F-BBCBC8AF9BFE} 2013-01-01 20:57:14 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys 2013-01-01 09:05:28 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-01 05:42:47 -------- d-----w- C:\Users\Owner\AppData\Local\{902C1DCC-B018-44C4-92D4-4481339F7D72} 2012-12-31 23:20:29 64856 ----a-w- C:\Windows\System32\klfphc.dll 2012-12-31 23:19:28 -------- d-----w- C:\Windows\ELAMBKUP 2012-12-31 23:19:21 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2012-12-31 23:18:35 89432 ----a-w- C:\Windows\System32\drivers\klflt.sys 2012-12-31 22:29:07 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes 2012-12-31 22:28:28 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-31 22:28:05 -------- d-----w- C:\Users\Owner\AppData\Local\Programs 2012-12-31 02:04:06 -------- d-----w- C:\Users\Owner\AppData\Local\{2D142757-ECE2-4820-BDAC-F97546556FAA} 2012-12-30 03:55:10 -------- d-----w- C:\Users\Owner\AppData\Local\{714E71C8-C187-4580-B3BE-575EF67B5853} 2012-12-29 10:46:10 -------- d-----w- C:\Users\Owner\AppData\Local\{F6201E52-D343-4DF3-8BAD-0C6967B1562A} 2012-12-28 22:45:58 -------- d-----w- C:\Users\Owner\AppData\Local\{B67D8381-E986-426A-808A-D0FF722D45A9} 2012-12-28 06:12:17 -------- d-----w- C:\Program Files (x86)\KeyScrambler 2012-12-27 23:06:14 -------- d-----w- C:\Users\Owner\AppData\Local\{3B0E652D-A751-4B4C-9B39-3FC4EEBEA1BC} 2012-12-27 22:38:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\Tific 2012-12-27 22:38:52 -------- d-----w- C:\Users\Owner\AppData\Local\Symantec 2012-12-27 21:13:19 -------- d-----w- C:\ProgramData\Spyrix Free Keylogger 2012-12-27 21:12:37 -------- d-----w- C:\ProgramData\WeCareReminder 2012-12-27 21:12:08 -------- d-----w- C:\Users\Owner\AppData\Local\Wajam 2012-12-27 21:11:53 -------- d-----w- C:\Users\Owner\AppData\Local\Coupon Companion Plugin 2012-12-27 20:26:10 -------- d-----w- C:\Users\Owner\AppData\Local\{EAD7F803-6C3C-4FCA-A37E-E54144C25FC3} 2012-12-26 21:57:40 -------- d-----w- C:\Users\Owner\AppData\Local\{CB97FD1F-B8B3-4BC5-81EF-30BF6FBB9ABB} 2012-12-26 05:58:02 -------- d-----w- C:\Users\Owner\AppData\Local\{B1EDA003-D6E7-421D-B3EC-D0986D3B78E2} 2012-12-25 08:28:01 -------- d-----w- C:\Users\Owner\AppData\Local\{94482CB3-D7FC-4347-AB3D-81857E745F68} 2012-12-24 20:12:56 -------- d-----w- C:\Users\Owner\AppData\Local\{8D43378A-AB64-4086-90DB-A67E3A15B039} 2012-12-24 01:49:30 -------- d-----w- C:\Users\Owner\AppData\Local\{06B694C3-86A3-4AFB-AD57-9B8A561D5E38} 2012-12-23 01:32:26 -------- d-----w- C:\Users\Owner\AppData\Local\{5B4013A6-B307-4692-8FE2-56E3F38FE310} . ==================== Find3M ==================== . 2013-01-09 00:10:30 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 00:10:30 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-01 09:05:23 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-01-01 09:05:23 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-12-31 23:46:30 54104 ----a-w- C:\Windows\System32\drivers\kltdi.sys 2012-12-20 06:28:01 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-12-20 06:28:01 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-10-26 01:23:06 29528 ----a-w- C:\Windows\System32\drivers\klmouflt.sys 2012-10-26 01:23:06 29016 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys . ============= FINISH: 14:48:34.56 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 7/4/2010 2:18:13 PM System Uptime: 1/21/2013 1:02:44 PM (1 hours ago) . Motherboard: Dell Inc. | | 0R225F Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | U2E1 | 1178/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 456 GiB total, 344.069 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 PNP Device ID: ROOT\NET\0000 Service: vpnva . ==== System Restore Points =================== . RP192: 1/1/2013 12:53:25 AM - Installed Microsoft Fix it 50267 RP193: 1/1/2013 1:04:15 AM - Installed Java 7 Update 10 RP194: 1/1/2013 11:40:29 AM - Windows Update RP195: 1/4/2013 11:53:58 AM - Windows Update RP196: 1/4/2013 11:55:31 AM - Windows Update RP197: 1/9/2013 12:38:58 PM - Windows Update RP198: 1/9/2013 2:56:47 PM - Windows Update RP199: 1/11/2013 11:25:12 AM - Windows Update RP200: 1/15/2013 12:12:33 PM - Windows Update RP201: 1/18/2013 2:19:02 PM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Accelerometer Accidental Damage Services Agreement Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.5) Adobe Shockwave Player 11.5 Advanced Audio FX Engine Aleks 3.18 Apple Application Support Apple Software Update Banctec Service Agreement Cisco AnyConnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client Compatibility Pack for the 2007 Office system Complete Care Business Service Agreement Consumer In-Home Service Agreement D3DX10 Dell Communications (Support Software) Dell Dock Dell Edoc Viewer Dell Getting Started Guide Dell Home Systems Service Agreement Dell Support Center (Support Software) Dell Touchpad Dell Webcam Central Download Updater (AOL LLC) Google Chrome Google Update Helper GoToAssist 8.0.0.514 Intel PROSet Wireless Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® PROSet/Wireless WiFi Software Intel® Turbo Boost Technology Monitor Intel® Wireless Display Java 7 Update 10 Java Auto Updater Java 6 Update 18 (64-bit) Java 6 Update 31 JavaFX 2.1.1 Junk Mail filter update Kaspersky Internet Security 2013 Live! Cam Avatar Creator Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Office XP Professional Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MSVCRT MSVCRT_amd64 Nexon Game Manager Pando Media Booster Pen Tablet Premium Service Agreement QualxServ Service Agreement Quickset64 RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer Realtek Ethernet Controller Driver Realtek High Definition Audio Driver RealUpgrade 1.1 Roxio Burn Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skype™ 6.0 Synthesia (remove only) System Requirements Lab for Intel Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) WIDCOMM Bluetooth Software Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Movie Maker 2.6 Yahoo! Messenger Yahoo! Software Update . ==== Event Viewer Messages From Past Week ======== . 1/20/2013 5:52:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Owner-PC\Owner SID (S-1-5-21-2925118070-2671359715-763210274-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 1/19/2013 9:50:09 PM, Error: Schannel [36887] - The following fatal alert was received: 80. 1/18/2013 5:05:22 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9BE1DCA7-EA50-49D0-B2CF-7D9B9EAE8FD1} because another computer on the network has the same name. The server could not start. 1/18/2013 5:05:22 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 169.235.83.135. The computer with the IP address 169.235.87.211 did not allow the name to be claimed by this computer. 1/18/2013 5:05:13 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 169.235.83.135. The computer with the IP address 169.235.87.211 did not allow the name to be claimed by this computer. 1/14/2013 4:36:19 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 169.235.82.123. The computer with the IP address 169.235.86.238 did not allow the name to be claimed by this computer. 1/14/2013 4:36:16 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 169.235.82.123. The computer with the IP address 169.235.86.238 did not allow the name to be claimed by this computer. . ==== End Of File ===========================
  11. Hello this is the first time I'm posting on this forum. Just a few weeks ago my google searches were infected when I was using Internet Explorer and Google Chrome. Norton wasn't able to find the reason why this happened so I used Malwarebytes and it had the following put into quarantine: Trojan.Tracur (File), PUM.Hijack.StartMenu, Trojan.Happili, and Trojan.Tracur (Registry Value). I used a tutorial to remove the google redirect virus for google chrome, which required me to use FixZeroAccess and Avast aswMBR So far when I ran the quick scan recently (after reinstalling Malwarebytes again) the scan results show that there were no malicious items detected and my google searches are no longer redirected. The quarantied items' names are still in the quarantine tab since I haven't pressed on the delete button yet... Though I would like to make sure if I got rid of these viruses. Thank you very much in advance for your time and consideration.