
Please help


  • This topic is locked
6 replies to this topic

#1 CrazyMofo107

CrazyMofo107

  • Members
  • 16 posts

Posted 17 February 2013 - 01:32 PM

Hello,
 
I'm normally pretty keen with this kind of stuff but I've found myself at a bit of a loss. I keep getting unnecessary ads on my yahoo.com home page and various other sites. Please take a look at my HijackThis log and see if any of you guys can assist please. I've run Spybot and Malwarebytes with only one or two results each time that doesn't seem to help. I ran winsock fix and that didn't do anything either. I wanted to run lspfix but I got an error when I ran it saying I needed to re-install Winsock 2 to Windows. I'd rather not and I'm hoping for a more legit solution. I appreciate any feedback.
 
Logfile of HijackThis v1.97.7
Scan saved at 1:32:25 PM, on 2/17/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe
C:\Users\Tom\Desktop\Tom\Hijack This\abc.bat.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [CPN Notifier] C:\Program Files (x86)\Juicy Stakes 2.0\PokerNotifier.exe
O9 - Extra button: Send to OneNote (HKLM)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote (HKLM)
O9 - Extra button: OneNote Lin&ked Notes (HKLM)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes (HKLM)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 February 2013 - 02:17 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
HijackThis doesn't handle 64-bit operating systems. In your case I need to see a final DDS Log.
I would remove HijackThis using the Add/Remove Programs list.
 
 
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
 
  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Please note: You may have to disable any script protection running if the scan fails to run.
     
     
    Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
    ===
     
    Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     
     
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
     
    IMPORTANT....
     
    1. Close any open browsers.
     
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     
    3. Do not install any other programs until this is fixed.
     
    How to : Disable Anti-virus and Firewall...
    http://www.bleepingcomputer.com/forums/topic114351.html
     
    Double click on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt
    Note:
    Do not mouse click ComboFix's window while it's running. That may cause it to stall
     
    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
     
     
    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ===
     
    Third-party programs, if not up to date, can be the cause of infiltration of an infection.
     
    Please run this security check for my review.
     
    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ===
     
    Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
     
    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
    Please post the logs for my review.


#3 CrazyMofo107

CrazyMofo107
  • Topic Starter

  • Members
  • 16 posts

Posted 18 February 2013 - 04:34 PM

    # AdwCleaner v2.112 - Logfile created 02/18/2013 at 16:27:18
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Tom - TOM-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tom\Downloads\adwcleaner0(1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\adawaretb
    Folder Deleted : C:\ProgramData\blekko toolbars
    Folder Deleted : C:\Users\Tom\AppData\LocalLow\adawaretb
    Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\o47w6bkm.default\adawaretb

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_34
    Run by Tom at 16:20:21 on 2013-02-18
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2046.666 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Spotify Web Helper] "C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{5591A1F6-1143-4BFA-BB82-0C42072F05AC} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\o47w6bkm.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-01-21 17:30; savevalet@savevalet.com; C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\o47w6bkm.default\extensions\savevalet@savevalet.com.xpi
    FF - ExtSQL: 2013-02-11 19:13; freehdsport@freehdsport.tv; C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\o47w6bkm.default\extensions\freehdsport@freehdsport.tv.xpi
    FF - ExtSQL: 2013-02-16 15:17; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\o47w6bkm.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-16 14456]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-27 283200]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
    R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-1 1153368]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-20 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-27 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-02-18 07:58:38    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD2C8FD3-3378-4D3E-820E-F6A559B7AE33}\offreg.dll
    2013-02-16 20:19:05    --------    d-----w-    C:\Users\Tom\AppData\Roaming\LavasoftStatistics
    2013-02-16 20:17:09    --------    d-----w-    C:\ProgramData\blekko toolbars
    2013-02-16 20:17:05    --------    d-----w-    C:\Program Files (x86)\adawaretb
    2013-02-16 20:17:04    --------    d-----w-    C:\Program Files (x86)\Toolbar Cleaner
    2013-02-16 20:16:19    --------    d-----w-    C:\ProgramData\Downloaded Installations
    2013-02-16 20:14:27    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
    2013-02-16 19:00:42    --------    d-----w-    C:\Users\Tom\AppData\Local\Zoom_Downloader
    2013-02-16 19:00:13    --------    d-----w-    C:\Program Files (x86)\SaveValet
    2013-02-16 18:59:32    --------    d-----w-    C:\Users\Tom\AppData\Local\Solid Savings
    2013-02-16 18:59:19    --------    d-----w-    C:\Users\Tom\AppData\Local\Updater26278
    2013-02-16 17:50:29    --------    d-----w-    C:\Users\Tom\AppData\Local\Programs
    2013-02-15 08:10:35    9161176    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD2C8FD3-3378-4D3E-820E-F6A559B7AE33}\mpengine.dll
    2013-02-12 00:12:54    --------    d-----w-    C:\Program Files (x86)\VipBoxSportsApp.com
    2013-02-06 02:27:34    96664    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2013-02-06 02:27:34    184248    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2013-02-06 02:27:34    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    2013-02-06 02:27:34    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    2013-02-06 02:27:34    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2013-02-06 02:27:34    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2013-02-06 02:27:34    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2013-02-06 02:27:34    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2013-02-06 02:27:34    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2013-02-06 02:27:34    157712    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    .
    ==================== Find3M  ====================
    .
    2013-02-14 16:22:12    71024    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-14 16:22:12    691568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-17 06:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
    2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:00:15    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00:11    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:46:09    215040    ----a-w-    C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
    2013-01-04 03:26:48    3153408    ----a-w-    C:\Windows\System32\win32k.sys
    2013-01-04 02:47:35    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00:54    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 06:00:42    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-12-20 13:59:36    1188864    ----a-w-    C:\Windows\System32\wininet.dll
    2012-12-20 12:53:51    981504    ----a-w-    C:\Windows\SysWow64\wininet.dll
    2012-12-20 12:02:26    1638912    ----a-w-    C:\Windows\System32\mshtml.tlb
    2012-12-20 11:20:29    1638912    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
    2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
    2012-12-14 21:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
    2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
    2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
    2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
    2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35    362496    ----a-w-    C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
    2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
    2012-11-30 02:38:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:13:57    68608    ----a-w-    C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23    800768    ----a-w-    C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
    .
    ============= FINISH: 16:20:43.91 ===============
     

     

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/17/2011 1:01:52 AM
    System Uptime: 2/17/2013 1:01:34 PM (27 hours ago)
    .
    Motherboard: ASUSTek Computer INC. |  | EMERY
    Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 102.017 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is CDROM ()
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\AWY0001\2&DABA3FF&1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\2&DABA3FF&1
    Service:
    .
    ==== System Restore Points ===================
    .
    RP292: 2/5/2013 1:32:45 PM - Windows Update
    RP293: 2/12/2013 12:21:17 PM - Windows Update
    RP294: 2/14/2013 3:00:48 AM - Windows Update
    RP295: 2/18/2013 4:01:23 PM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Backup Assistant Plus
    BitLord 1.2
    Bonjour
    D3DX10
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    FrostWire 4.21.8
    Holdem Manager
    iCloud
    iTunes
    Java Auto Updater
    Java™ 6 Update 34
    Juicy Stakes 2.0
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.70.0.1100
    Media Player Codec Pack 4.1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft DirectX SDK (June 2010)
    Microsoft Links 2003
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    MotoHelper 2.1.32 Driver 5.4.0
    MotoHelper MergeModules
    Motorola Mobile Drivers Installation 5.4.0
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Essentials
    neroxml
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 296.10
    NVIDIA Control Panel 296.10
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 296.10
    NVIDIA Install Application
    NVIDIA Update 1.7.11
    NVIDIA Update Components
    PokerStars
    PostgreSQL 8.4
    PVSonyDll
    QuickTime
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Spotify
    Spybot - Search & Destroy
    StillLife
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VCRedistSetup
    VirtualCloneDrive
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.11
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.00 beta 6 (64-bit)
    Xvid Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/18/2013 4:15:03 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
    2/18/2013 4:14:05 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/16/2013 8:09:01 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    2/14/2013 3:03:09 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/14/2013 3:03:09 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     



    #4 nasdaq

    nasdaq

    • Malware Response Team

    Posted 19 February 2013 - 08:36 AM

    Secure your system by updating 3rd party programs.
     
    Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
     
    Be careful not to install malware posing as Java update!
    Important: read this blog.
     
    Quoted from the page.
    "In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
     
    How to disable Java in your browsers
     
    You can manually check your present version and update as recommended.
     
    If present remove the old version(s) of Java using the Add/Remove Programs applet.
     
    Java™ 7 Update 5 
     
    Java 7 update 10 introduced important new security controls
    You can read about it here.
     
    Note
    Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
    I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
    ===
     
    Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks... 
     
     
    On the top of the page you will be given an opportunity to download the version for your operating system.
    Make sure you select appropriate version.
     
    You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.
     
    For the users of Internet Explorer download version 11.
    ===
     
    Get the latest version of the  Adobe Reader.
    http://get.adobe.com/reader/
    Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
     
    When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
    ===
    Please let me know if the problem persists.
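
Added example, not part of the reply above or of any tool used in this thread: a short Python triage of the DDS "Installed Programs" section for the runtimes the reply flags. The baselines are assumptions taken from the reply's own wording (Java 7 update 10, Flash 11.3.300.264 and earlier), the function names are hypothetical, and the sample input is constructed from entries in the log.

```python
import re

# Assumed baselines, taken from the wording of the reply (2013 values, not current ones).
JAVA_BASELINE = (7, 10)              # "Java 7 update 10 introduced important new security controls"
FLASH_VULN_MAX = (11, 3, 300, 264)   # "v11.3.300.264 and earlier versions"

# Constructed sample: a few entries copied from the log's "Installed Programs" section.
SAMPLE = """\
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Java Auto Updater
Java™ 6 Update 34
Mozilla Firefox 18.0.2 (x86 en-US)
.
==== Event Viewer Messages From Past Week ========
"""

def installed_programs(dds_text):
    """Return entries between the Installed Programs header and the next '====' header."""
    entries, inside = [], False
    for line in dds_text.splitlines():
        line = line.strip()                      # pasted logs are often indented
        if line.startswith("===="):
            inside = "Installed Programs" in line
        elif inside and line and line != ".":    # '.' is the DDS spacer line
            entries.append(line)
    return entries

def triage(entries):
    """Map each Java/Flash entry to 'outdated', 'ok' or 'verify' (full version not in log)."""
    findings = {}
    for name in entries:
        java = re.match(r"Java\S*\s+(\d+)(?:\s+Update\s+(\d+))?$", name)
        flash = re.match(r"Adobe Flash Player\s+(\d+(?:\.\d+)*)", name)
        if java:
            version = (int(java.group(1)), int(java.group(2) or 0))
            findings[name] = "outdated" if version < JAVA_BASELINE else "ok"
        elif flash:
            version = tuple(int(p) for p in flash.group(1).split("."))
            if len(version) < 4:
                findings[name] = "verify"        # DDS shows only the major version here
            else:
                findings[name] = "outdated" if version <= FLASH_VULN_MAX else "ok"
    return findings
```

The "verify" result matters for this log: DDS lists Flash only as "11", so the installed build has to be checked on the machine itself.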


    #5 CrazyMofo107

    CrazyMofo107
    • Topic Starter

    • Members

    Posted 19 February 2013 - 09:59 AM

    It appears to have been fixed.  I appreciate the assistance!

     

    Thank you!



    #6 nasdaq

    nasdaq

    • Malware Response Team

    Posted 19 February 2013 - 10:14 AM

    Glad we could help.
     
    If all is well:
     
    Time for some housekeeping
    The following will implement some cleanup procedures as well as reset  System Restore points:
     
    Click Start > Run  and copy/paste the following bold text into the Run box and click OK:
     
    ComboFix /Uninstall 
    ===
     
    To remove AdwCleaner.
     
    Please double click on AdwCleaner.exe to run the tool.
    Click on Uninstall.
    Confirm with Yes.
     
    If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.
     
    Delete the other tools we used.
    You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.
     
    Surf Safely, and Think Prevention!
    ===


    #7 nasdaq

    nasdaq

    • Malware Response Team

    Posted 19 February 2013 - 10:14 AM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



