rdstill

About rdstill

  • Rank
    New Member
  1. Attached is the FRST fixlog. The original problem seems to be resolved. My antivirus program is now updating automatically, and I can also successfully run a manual update. Fixlog.txt
  2. Here are the two logs from the Farbar tool. FRST.txt Addition.txt
  3. Here is the Malwarebytes scan. Working on Farbar now. Will post back with that as soon as that's done. BTW, just to let you know. After deleting everything that Malwarebytes discovered, my Kaspersky is now updating. scan_2.txt
  4. TwinHeadedEagle, Hello, and thank you for your response. I am re-running Malwarebytes right now, and will post as soon as it's finished. Thank you.
  5. Hello, Let me first say that back in 9/2013, I had a piece of malware that you so generously helped me remove. You guys are great. Currently, my antivirus program will not update its .DAT files. I use Kaspersky, and I recently noticed a "!" next to the icon in my system tray. Upon investigation, I discovered it was not auto-updating. When I command it to update manually, it appears to complete updating, but Kaspersky still continues to report that it is "extremely out of date". To me, this screams of some type of malware on my computer blocking its updating capability. I recently ran Malwarebytes (last night), and would like you to review the attached scan file to see if any of this is malware that could be interfering with my Kaspersky updating (it found 18 items). Also, if there is anything else that I can run or check for you to help me investigate this problem, I would much appreciate any suggestions/help. Thank you. scan_1.txt
  6. Well - I don't know. I may still have the infection, but I figured out how to make the condition "not happen". All of a sudden it hit me that somehow my search engine in the top right corner had changed from Google, which is what I normally keep it on, to a generic search box. (See previous screen shot). So I changed the engine back to Google in that search box, and clicked on "manage search engines" as shown in the below screenshot, deleted the generic search engine, and all seems to be fine now. Capture.bmp
  7. Problem is still not fixed. See my attachment for a picture of what I am seeing on my end.
  8. I ran the Malwarebytes Quick Scan and it said "no malicious items were detected". Below is the report. I am about to perform a restart on my computer and see if the browsers still behave badly.

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.11.20.14

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16736
     Robert :: RDSTILL2 [administrator]

     11/20/2013 7:59:50 PM
     mbam-log-2013-11-20 (19-59-50).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 235792
     Time elapsed: 4 minute(s), 40 second(s)

     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)

     (end)
  9. I ran AdwCleaner. Here is the log after the reboot:

     # AdwCleaner v3.012 - Report created 20/11/2013 at 19:36:47
     # Updated 11/11/2013 by Xplode
     # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
     # Username : Robert - RDSTILL2
     # Running from : C:\Users\Robert\Downloads\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     [#] Service Deleted : AddonsHelper

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Users\Robert\AppData\Roaming\HELPER

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com]
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
     Key Deleted : HKCU\Software\OCS

     ***** [ Browsers ] *****

     -\\ Internet Explorer v10.0.9200.16736

     -\\ Mozilla Firefox v25.0.1 (en-US)

     [ File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\rknmdoy8.default\prefs.js ]

     Line Deleted : user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
     Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1367461719222");
     Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1367373991133");
     Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
     Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1367461714756");
     Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1364707758339");
     Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1364707758346");
     Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1364707758556");
     Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1364707758352");

     -\\ Google Chrome v31.0.1650.57

     [ File : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     Deleted : homepage
     Deleted : search_url

     *************************

     AdwCleaner[R0].txt - [27054 octets] - [20/10/2013 19:36:42]
     AdwCleaner[R1].txt - [1268 octets] - [20/10/2013 20:01:13]
     AdwCleaner[R2].txt - [2909 octets] - [20/11/2013 19:33:06]
     AdwCleaner[s0].txt - [27278 octets] - [20/10/2013 19:51:20]
     AdwCleaner[s1].txt - [1333 octets] - [20/10/2013 20:02:29]
     AdwCleaner[s2].txt - [2722 octets] - [20/11/2013 19:36:47]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2782 octets] ##########

     I am about to run Malwarebytes. I just wanted to get this log posted. I will let you know how that goes.
  10. After deleting the file and folder, the problem is still occurring.
  11. Windows did indeed allow me to manually delete: C:\ProgramData\DNSErrorHelper\bho.dll C:\ProgramData\DNSErrorHelper Do I still need to complete the other tasks you mentioned in your last post?
  12. Here is the RogueKiller report:

     RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Robert [Admin rights]
     Mode : Scan -- Date : 11/19/2013 22:47:54
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 5 ¤¤¤
     [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320325AS +++++
     --- User ---
     [MBR] e4531536944818e0c60d9bf3eadf6993
     [bSP] 05bfc4d35f6452c4e2c5889c5d2c91a0 : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_11192013_224754.txt >>
  13. I've been infected with something. I think it's called Firetab. It's very intermittent. It's infected my browsers. Sometimes, when I load up a browser, everything is fine. But, then, when I search for a certain search term, (and I don't know which search terms they are; it's just random, "malwarebytes" or "how to remove firetab" is an example), the address bar just flickers with different addresses and I see the word "firetab" in the address bar over and over. I ran Malwarebytes and it did not help. Here's a link to the image of a screen capture of what's going on on my screen: https://forums.malwarebytes.org/uploads/monthly_11_2013/post-145667-0-80243200-1384411982.png Please assist me in removing it. Here are the DDS.txt and Attach.txt logs:
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-30 55856] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 28504] R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-6-8 54368] R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178448] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-30 89600] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r [?] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13336] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-30 689472] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-30 2533400] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-11-30 176096] R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2011-11-30 56344] R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2011-11-30 158976] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-30 317440] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-10-25 29280] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-10-25 29280] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] S2 AddonsHelper;AddonsHelper;C:\Users\Robert\AppData\Local\Temp\OCS\Downloads\9f8cc62c3640bf6eb115b4c78bb22a3f\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe --> 
C:\Users\Robert\AppData\Local\Temp\OCS\Downloads\9f8cc62c3640bf6eb115b4c78bb22a3f\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-8-10 19456] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-30 250984] S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-8-10 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-8-10 30208] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-6 1255736] S3 WPRO_41_1879;WinPcap Packet Driver (WPRO_41_1879);C:\windows\System32\drivers\WPRO_41_1879.sys [2013-1-31 34832] S3 WSDScan;WSD Scan Support via 
UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088] S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] S4 OrbisClient.Services;LabSim Configuration and Security;C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2011-3-11 52736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2013-11-20 00:26:22 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19C9920B-24F1-47DD-80EE-9C7746A2811F}\offreg.dll 2013-11-20 00:15:19 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19C9920B-24F1-47DD-80EE-9C7746A2811F}\mpengine.dll 2013-11-16 07:55:07 -------- d-----w- C:\$RECYCLE.BIN 2013-11-16 07:36:47 98816 ----a-w- C:\windows\sed.exe 2013-11-16 07:36:47 256000 ----a-w- C:\windows\PEV.exe 2013-11-16 07:36:47 208896 ----a-w- C:\windows\MBR.exe 2013-11-13 09:07:02 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-11-13 06:31:09 1474048 ----a-w- C:\windows\System32\crypt32.dll 2013-11-13 06:31:08 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll 2013-11-13 06:28:20 497152 ----a-w- C:\windows\System32\drivers\afd.sys 2013-11-13 06:28:17 1930752 ----a-w- C:\windows\System32\authui.dll 2013-11-13 06:28:17 1796096 ----a-w- C:\windows\SysWow64\authui.dll 2013-11-13 06:28:16 197120 ----a-w- C:\windows\System32\credui.dll 2013-11-13 06:28:16 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll 2013-11-13 06:28:16 168960 ----a-w- C:\windows\SysWow64\credui.dll 2013-11-13 06:28:16 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll 2013-11-13 06:23:11 -------- d-----w- C:\Users\Robert\AppData\Roaming\Malwarebytes 2013-11-13 06:22:59 25928 
----a-w- C:\windows\System32\drivers\mbam.sys 2013-11-13 06:22:59 -------- d-----w- C:\ProgramData\Malwarebytes 2013-11-13 06:22:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-13 05:50:00 -------- d-----w- C:\Users\Robert\AppData\Roaming\Helper 2013-11-12 02:30:22 -------- d-----w- C:\ProgramData\DNSErrorHelper 2013-11-06 04:04:43 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys 2013-11-06 04:04:43 7808 ----a-w- C:\windows\System32\drivers\usbd.sys 2013-11-06 04:04:43 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys 2013-11-06 04:04:43 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys 2013-11-06 04:04:43 325120 ----a-w- C:\windows\System32\drivers\usbport.sys 2013-11-06 04:04:43 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys 2013-11-06 04:04:43 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys 2013-11-06 03:34:48 -------- d-----w- C:\Users\Robert\VirtualBox VMs 2013-11-06 03:31:30 238352 ----a-w- C:\windows\System32\drivers\VBoxDrv.sys 2013-11-06 03:31:21 119056 ----a-w- C:\windows\System32\drivers\VBoxUSBMon.sys 2013-11-06 03:31:17 -------- d-----w- C:\Program Files\Oracle 2013-11-03 17:49:20 -------- d-----w- C:\Program Files\iPod 2013-11-03 17:49:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-03 17:49:18 -------- d-----w- C:\Program Files\iTunes 2013-11-03 17:49:18 -------- d-----w- C:\Program Files (x86)\iTunes 2013-11-03 03:17:31 -------- d-----w- C:\Program Files\BreakPoint Software 2013-11-03 03:10:03 -------- d-----w- C:\Users\Robert\Flashbackup 2013-10-28 03:58:43 -------- d-----w- C:\Program Files (x86)\AccessData 2013-10-23 04:02:43 -------- d-----w- C:\Users\Robert\Work 2013-10-21 02:46:56 -------- d-----w- C:\Program Files (x86)\Technology Pathways 2013-10-21 02:46:13 -------- d-----w- C:\windows\Downloaded Installations 2013-10-21 02:44:51 -------- d-----w- C:\Users\Robert\Prodiscover . ==================== Find3M ==================== . 
2013-10-21 01:17:57 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-17 23:23:16 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-17 21:56:28 29280 ----a-w- C:\windows\System32\drivers\klmouflt.sys 2013-10-17 21:56:28 29280 ----a-w- C:\windows\System32\drivers\klkbdflt.sys 2013-10-17 21:56:25 7717984 ----a-w- C:\windows\System32\drivers\kl1.sys 2013-10-12 08:45:20 2241536 ----a-w- C:\windows\System32\wininet.dll 2013-10-12 08:43:37 3959808 ----a-w- C:\windows\System32\jscript9.dll 2013-10-12 08:43:32 67072 ----a-w- C:\windows\System32\iesetup.dll 2013-10-12 08:43:32 136704 ----a-w- C:\windows\System32\iesysprep.dll 2013-10-12 07:03:50 1767936 ----a-w- C:\windows\SysWow64\wininet.dll 2013-10-12 07:02:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-10-12 07:02:29 61440 ----a-w- C:\windows\SysWow64\iesetup.dll 2013-10-12 07:02:29 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll 2013-10-12 06:35:26 2706432 ----a-w- C:\windows\System32\mshtml.tlb 2013-10-12 05:44:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe 2013-10-12 05:15:39 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe 2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll 2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL 2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL 2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll 2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL 2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll 2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll 2013-09-25 02:26:40 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys 2013-09-25 02:26:40 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys 2013-09-25 02:23:33 28672 ----a-w- C:\windows\System32\sspisrv.dll 2013-09-25 02:23:33 135680 ----a-w- C:\windows\System32\sspicli.dll 2013-09-25 02:23:01 28160 ----a-w- C:\windows\System32\secur32.dll 2013-09-25 02:22:59 
340992 ----a-w- C:\windows\System32\schannel.dll 2013-09-25 02:21:50 307200 ----a-w- C:\windows\System32\ncrypt.dll 2013-09-25 02:21:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll 2013-09-25 01:58:17 96768 ----a-w- C:\windows\SysWow64\sspicli.dll 2013-09-25 01:57:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2013-09-25 01:57:24 247808 ----a-w- C:\windows\SysWow64\schannel.dll 2013-09-25 01:56:42 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2013-09-25 01:03:24 30720 ----a-w- C:\windows\System32\lsass.exe 2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll 2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll 2013-09-06 20:25:40 146704 ----a-w- C:\windows\System32\drivers\VBoxNetFlt.sys 2013-09-06 20:25:40 131856 ----a-w- C:\windows\System32\drivers\VBoxNetAdp.sys 2013-09-06 20:25:38 204048 ----a-w- C:\windows\System32\VBoxNetFltNobj.dll 2013-09-03 19:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe 2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll 2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll 2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll 2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll 2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll 2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-08-29 00:49:52 14336 
----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys 2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll 2013-05-15 17:38:04 4167680 ----a-w- C:\Program Files (x86)\GUT28D.tmp . ============= FINISH: 20:06:10.16 ===============
  14. That link you gave me just linked me to paid subscription help. I'm just looking for free assistance.
  15. I've been infected with something. I think it's called Firetab. It's very intermittent. It's infected my browsers. Sometimes, when I load up a browser, everything is fine. But then, when I search for a certain search term (and I don't know which search terms they are; it's just random), the address bar just flickers with different addresses and I see the word "firetab" in the address bar over and over. I've posted a screenshot of what it looks like when I search the word "malwarebytes" in Firefox. Please help me remove it.