
Infected with win32/small.ca. Don't know how to remove it


  • This topic is locked
23 replies to this topic

#1 hamburgerin

  • Members
  • 15 posts
  • Gender:Female

Posted 30 April 2013 - 09:01 PM

Circa 5 days ago, Windows Action Center showed a message to remove win32/small.ca. Scanning with MS Security Essentials and MS Security Scanner showed nothing. Malwarebytes red-flagged 2 objects but stopped at c:\\windows\assembly\GAC_MISL\exechost\..... and could not finish. Today the Windows Action Center shows the message "Windows Security Center is turned off", and pushing the turn-on button does nothing.

 

My computer so far is running normally, without slowdown or blue screens. But I would like to remove it before bad things happen. I read several other posts about this virus on this site but it seems there is no standard fix.

 

Any help would be greatly appreciated.

Kerstin

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/6/2012 6:27:23 PM
System Uptime: 4/29/2013 8:48:08 PM (25 hours ago)
.
Motherboard: Dell Inc. |  | 01HXXJ
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | CPU 1 | 2494/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 857.849 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP96: 4/26/2013 7:56:59 PM - Scheduled Checkpoint
RP97: 4/27/2013 9:07:58 PM - Windows Backup
RP98: 4/28/2013 11:34:33 PM - Windows Update
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6) MUI
Advanced Audio FX Engine
Banctec Service Agreement
Bing Bar
Blio
Bluetooth Win7 Suite (64)
Canon MX340 series MP Drivers
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell Stage Remote
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
Dell WLAN and Bluetooth Client Installation
DirectX 9 Runtime
Dropbox
Facebook Video Calling 1.2.0.287
GIMP 2.8.2
Google Earth Plug-in
Google Update Helper
High-Definition Video Playback
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
Java™ 7 Update 1 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Notepad++
OpenOffice.org 3.4.1
PhotoShowExpress
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Premium Service Agreement
QualxServ Service Agreement
Quickset64
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.3
Sonic CinePlayer Decoder Pack
Stickies 7.1d
SyncUP
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
4/30/2013 9:22:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/30/2013 9:22:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ehSched with arguments "-Service" in order to run the server: {33D8C85A-B8C1-4828-B51A-4F3349AD5F9E}
4/30/2013 9:22:36 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/30/2013 9:22:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/30/2013 8:58:27 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.149.806.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9402.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
4/30/2013 8:58:27 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.149.806.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9402.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
4/30/2013 8:58:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/30/2013 8:49:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/30/2013 7:19:29 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
4/29/2013 9:26:47 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer GREG-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2B3C7195-2EAD-4F40-9295-7F5FC0E7277B}. The master browser is stopping or an election is being forced.
4/29/2013 9:20:58 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
4/29/2013 8:50:26 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
4/29/2013 8:49:00 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
4/29/2013 8:48:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/29/2013 8:48:26 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Wanarpv6
4/29/2013 8:45:37 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291]  - SAM failed to start the TCP/IP or SPX/IPX listening thread
4/28/2013 8:37:42 AM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
4/28/2013 5:32:58 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/28/2013 5:32:58 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
4/28/2013 5:30:22 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
4/28/2013 11:25:32 PM, Error: Service Control Manager [7034]  - The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
4/28/2013 1:25:18 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/27/2013 8:37:39 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
4/26/2013 9:36:33 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.149.544.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9402.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
4/26/2013 7:48:34 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
4/26/2013 10:46:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
4/26/2013 10:07:58 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
4/26/2013 1:48:07 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
4/23/2013 8:56:43 PM, Error: NetBT [4321]  - The name "KERSTIN-PC     :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
 

 
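As an added example (not part of this thread or of the DDS tool), here is a small Python triage pass over the "Event Viewer Messages" section of a DDS log such as the one posted above: it parses the one-line-per-event format DDS emits, decodes the Win32 error codes those lines carry, and flags boot-start load failures for the two security drivers named elsewhere in the log (MpFilter, the Microsoft Malware Protection Driver, and spldr, the Security Processor Loader Driver). The sample lines are copied from the posted log (the Antimalware line shortened); the error-code names come from winerror.h and are the only names not taken from the page.

```python
"""Triage the "Event Viewer Messages" section of a DDS attach.txt log.

Added example, not part of the forum thread or of DDS itself.  It turns the
raw event lines into records, decodes the Win32 codes inside DCOM 10005 and
Antimalware 2001 messages, and flags security-driver load failures (7026).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: event lines copied from the DDS log posted in the thread
# (the Antimalware line is shortened to its relevant fields).
SAMPLE_LOG = """\
4/30/2013 9:22:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/30/2013 9:22:36 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/30/2013 8:58:27 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      Previous Signature Version: 1.149.806.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
4/29/2013 8:48:26 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Wanarpv6
4/28/2013 5:32:58 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
"""

# DDS event line: "<M/D/YYYY h:mm:ss AM|PM>, <Level>: <Source> [<EventID>]  - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\]\s+-\s+(?P<msg>.*)$"
)

# Win32 error codes seen in this log; symbolic names from winerror.h.
WIN32_ERRORS = {
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT: service did not respond in time",
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL: a dependency service failed to start",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE: service cannot be started in Safe Mode",
}

# Drivers whose failure to load matters for the "Security Center is turned off"
# symptom; descriptions are those given in the DDS log's own sections.
SECURITY_DRIVERS = {
    "MpFilter": "Microsoft Malware Protection Driver",
    "spldr": "Security Processor Loader Driver",
}


@dataclass
class Event:
    ts: str
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text: str) -> List[Event]:
    """Parse every line that matches the DDS event format; ignore the rest."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["level"], m["source"], int(m["eid"]), m["msg"]))
    return events


def hresult_to_win32(hresult: int) -> Optional[int]:
    """A FACILITY_WIN32 HRESULT (0x8007xxxx) wraps a Win32 code in its low 16 bits."""
    if (hresult >> 16) & 0xFFFF == 0x8007:
        return hresult & 0xFFFF
    return None


def failed_drivers(ev: Event) -> List[str]:
    """Event 7026 ends with a whitespace-separated list of drivers that did not load."""
    if ev.event_id != 7026 or "failed to load:" not in ev.message:
        return []
    return ev.message.split("failed to load:", 1)[1].split()


def win32_code(ev: Event) -> Optional[int]:
    """Extract the Win32 code from 'got error "1084"' or 'Error code: 0x8007043c'."""
    m = re.search(r'got error "(\d+)"', ev.message)
    if m:
        return int(m[1])
    m = re.search(r"Error code: (0x[0-9A-Fa-f]+)", ev.message)
    if m:
        return hresult_to_win32(int(m[1], 16))
    return None


def triage(text: str) -> List[str]:
    """Return one human-readable finding per security-relevant fact in the log."""
    findings = []
    for ev in parse_events(text):
        for drv in failed_drivers(ev):
            if drv in SECURITY_DRIVERS:
                findings.append(f"{ev.ts}: boot-start driver {drv} ({SECURITY_DRIVERS[drv]}) failed to load")
        code = win32_code(ev)
        if code in WIN32_ERRORS:
            svc = re.search(r"start the service (\S+)", ev.message)
            who = svc[1] if svc else ev.source
            findings.append(f"{ev.ts}: {who} -> {code} {WIN32_ERRORS[code]}")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Note that the Antimalware error 0x8007043c and the DCOM "1084" decode to the same Win32 code, so both record the same condition: services refused to start because the machine was booted in Safe Mode at the time.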


#2 nasdaq

  • Malware Response Team
  • 39,557 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 May 2013 - 08:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

p.s.
You may still have this tool. Just post the DDS.TXT log. DO NOT attach the log
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the AdWare and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.
Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop, DO NOT ATTACH THE LOG.

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 hamburgerin
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female

Posted 05 May 2013 - 09:43 AM

Hello Nasdaq,

Below is the log from Security Check scan.

 

 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 7  
 Java version out of Date!
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#4 hamburgerin
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female

Posted 05 May 2013 - 10:01 AM

This is the first message I sent from my gmail account, which failed to deliver.
 
Hello Nasdaq,
Sorry for the delay. I was not at home yesterday.
You may find it useful to know that, since I posted my help request, I have run a couple of tools that were mentioned in other threads about removing this virus, in particular RogueKiller, and I deleted the highlighted items. There are a bunch of logs on my desktop from my attempt to work with this program.
Below are the logs from the dds.scr scan you requested.
Thank you for your response.
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.7.2
Run by Kerstin-two at 8:58:16 on 2013-05-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6052.4063 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Kerstin-two\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Kerstin-two\AppData\Roaming\Mozilla\Firefox\Profiles\znc77wmq.default-1349533831862\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.31.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Kerstin-two\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\KERSTI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
TCP: NameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{2B3C7195-2EAD-4F40-9295-7F5FC0E7277B} : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{2B3C7195-2EAD-4F40-9295-7F5FC0E7277B}\0544644523 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Kerstin-two\AppData\Roaming\Mozilla\Firefox\Profiles\znc77wmq.default-1349533831862\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.31.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kerstin-two\AppData\Roaming\Mozilla\Firefox\Profiles\znc77wmq.default-1349533831862\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kerstin-two\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-05 21:15; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; C:\Users\Kerstin-two\AppData\Roaming\Mozilla\Firefox\Profiles\znc77wmq.default-1349533831862\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-3-29 55856]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-29 89600]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-5-20 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-5-20 80032]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-29 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-6 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-6 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-29 1692480]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-29 2656280]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-5-20 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-5-20 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-5-20 29344]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-5-20 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-5-20 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-5-20 154272]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-5-20 282272]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-3-29 176096]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-3-29 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-10-6 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-8-2 173056]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-3-29 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-9-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-05 12:21:03    9317456    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D8C3095-177D-4991-9854-946E580A61C3}\mpengine.dll
2013-05-05 12:11:06    972264    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B2FD523-2331-521B-AEE4-0F437B7D2EFA}\GapaEngine.dll
2013-05-05 02:17:31    9317456    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-04 02:14:17    --------    d-----w-    C:\Users\Kerstin-two\AppData\Roaming\SUPERAntiSpyware.com
2013-05-04 02:14:12    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-04-28 00:38:49    --------    d-----w-    C:\Users\Kerstin-two\AppData\Roaming\Roxio Burn
2013-04-28 00:21:30    --------    d-----w-    C:\Users\Kerstin-two\AppData\Roaming\Macrovision
2013-04-26 02:02:55    --------    d-----w-    C:\Users\Kerstin-two\AppData\Local\Programs
2013-04-24 14:53:46    --------    d-----w-    C:\windows\System32\%LOCALAPPDATA%
2013-04-24 12:59:47    1656680    ----a-w-    C:\windows\System32\drivers\ntfs.sys
2013-04-24 01:18:12    905296    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1DA327E7-4938-4AD6-A52D-4B91CA663584}\gapaengine.dll
2013-04-20 01:31:01    --------    d-----w-    C:\Users\Kerstin-two\AppData\Local\{7A9161DE-0763-4303-AC90-521F69B2EB6B}
2013-04-17 02:54:33    --------    d-----w-    C:\Users\Kerstin-two\AppData\Local\{68D4DA36-7924-46BD-89BA-9BD133605D59}
2013-04-10 12:31:14    3153408    ----a-w-    C:\windows\System32\win32k.sys
2013-04-10 12:31:10    3717632    ----a-w-    C:\windows\System32\mstscax.dll
2013-04-10 12:31:10    3217408    ----a-w-    C:\windows\SysWow64\mstscax.dll
2013-04-10 12:31:09    44032    ----a-w-    C:\windows\System32\tsgqec.dll
2013-04-10 12:31:09    36864    ----a-w-    C:\windows\SysWow64\tsgqec.dll
2013-04-10 12:31:09    158720    ----a-w-    C:\windows\System32\aaclient.dll
2013-04-10 12:31:09    131584    ----a-w-    C:\windows\SysWow64\aaclient.dll
2013-04-10 12:30:53    223752    ----a-w-    C:\windows\System32\drivers\fvevol.sys
2013-04-10 12:30:52    5550424    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-04-10 12:30:52    3913560    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-04-10 12:30:51    6656    ----a-w-    C:\windows\SysWow64\apisetschema.dll
2013-04-10 12:30:51    43520    ----a-w-    C:\windows\System32\csrsrv.dll
2013-04-10 12:30:51    3968856    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 12:30:51    112640    ----a-w-    C:\windows\System32\smss.exe
2013-04-07 12:30:45    --------    d-----w-    C:\Users\Kerstin-two\AppData\Local\CrashDumps
2013-04-07 01:53:22    737072    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-04-07 01:52:36    539984    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-04-06 01:28:20    --------    d-----w-    C:\Users\Kerstin-two\AppData\Roaming\FireShot
.
==================== Find3M  ====================
.
2013-05-02 15:29:56    278800    ------w-    C:\windows\System32\MpSigStub.exe
2013-04-04 18:50:32    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-03-13 08:48:52    73432    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 08:48:52    693976    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-02-21 10:30:16    1766912    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-02-21 10:29:39    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-02-21 10:29:37    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-02-21 10:29:37    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07    2240512    ----a-w-    C:\windows\System32\wininet.dll
2013-02-21 10:14:09    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-02-21 10:14:05    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-02-21 10:14:05    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-02-19 12:01:03    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-02-19 11:10:53    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24    135168    ----a-w-    C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\windows\apppatch\AcGenral.dll
2013-02-12 04:12:05    19968    ----a-w-    C:\windows\System32\drivers\usb8023.sys
.
============= FINISH:  8:58:39.10 ===============

I
Mail Delivery Subsystem <mailer-daemon@googlemail.com>
9:37 AM (1 hour ago)
to me

Delivery to the following recipient failed permanently:

     bleep@bleepingcomputer.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain bleepingcomputer.com by aspmx.l.google.com. [2607:f8b0:4001:c02::1a].


#5 hamburgerin (Topic Starter, Members, 15 posts)
Posted 05 May 2013 - 10:12 AM

Below is the log from the AdwCleaner scan.

# AdwCleaner v2.300 - Logfile created 05/05/2013 at 10:48:22
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kerstin-two - KERSTIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Kerstin-two\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
File Found : C:\Users\Kerstin-two\AppData\Roaming\Mozilla\Firefox\Profiles\znc77wmq.default-1349533831862\extensions\gophoto@gophoto.it.xpi
Folder Found : C:\Program Files (x86)\Gophoto.it
Folder Found : C:\Program Files (x86)\TornTV.com
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\h0mcvaab.default\extensions\staged
Folder Found : C:\Users\Kerstin-two\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Found : C:\Users\Kerstin-two\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found : C:\Users\Kerstin-two\AppData\Roaming\Mozilla\Firefox\Profiles\znc77wmq.default-1349533831862\jetpack

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\Software\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-790548412-362508516-933781748-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110790&tt=120912_ccp_3812_1&babsrc=NT_ss&mntrId=7c4e86d400000000000008edb9015f96

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\h0mcvaab.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");

File : C:\Users\Kerstin-two\AppData\Roaming\Mozilla\Firefox\Profiles\znc77wmq.default-1349533831862\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4133 octets] - [05/05/2013 10:48:22]

########## EOF - C:\AdwCleaner[R1].txt - [4193 octets] ##########
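The AdwCleaner [Search] report above lists adware remnants and browser hijacks one line at a time, and a reader has to work out by eye which of them actually change where the browser sends the user. The following Python is an added example, not part of the thread and not AdwCleaner's own code: it parses that line format into findings, separates the entries that redirect the user (IE SearchScopes, Browser Helper Objects, the IE AboutURLs tab page, the IE toolbar registration, the Firefox startup homepage) from plain leftover files and keys, and lists the defanged hosts the hijacks point at. The line formats and the HIJACK_MARKERS list are assumptions drawn from this one log, and SAMPLE_LOG is a constructed excerpt in the same layout.

```python
"""Triage an AdwCleaner v2.x [Search] log.

Added example, not part of the thread and not AdwCleaner's own code. The
line formats, the HIJACK_MARKERS list and SAMPLE_LOG are assumptions taken
from the single log posted above.
"""
import re
from urllib.parse import urlsplit

# Constructed excerpt in the same layout as the posted AdwCleaner[R1].txt.
SAMPLE_LOG = r"""# AdwCleaner v2.300 - Logfile created 05/05/2013 at 10:48:22
# Option [Search]

***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files (x86)\TornTV.com

***** [Registry] *****

Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

***** [Internet Browsers] *****

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110790&babsrc=NT_ss
Found : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}\s*$")
FOUND_RE = re.compile(r"^(File|Folder|Key|Value) Found : (.+?)\s*$")
PREF_RE = re.compile(r'^Found : user_pref\("([^"]+)",\s*"([^"]*)"\);?\s*$')
IE_URL_RE = re.compile(r"^\[(HK[^\]]+)\] = (\S+)\s*$")

# Registry paths / pref names that change where the browser sends the user
# (assumed list, built from the entries in this log).
HIJACK_MARKERS = (
    "searchscopes",                 # IE search provider
    "browser helper objects",       # IE BHO loaded into every tab
    "abouturls",                    # IE about:tabs / about:blank replacement
    "internet explorer\\toolbar",   # IE toolbar registration
    "startup.homepage",             # Firefox homepage pref
)


def parse_adwcleaner(text):
    """Return one dict per finding: kind, target, section and (for prefs/IE URLs) value."""
    findings, section = [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FOUND_RE.match(line)
        if m:
            findings.append({"kind": m.group(1).lower(), "target": m.group(2),
                             "section": section, "value": None})
            continue
        m = PREF_RE.match(line)
        if m:
            findings.append({"kind": "pref", "target": m.group(1),
                             "section": section, "value": m.group(2)})
            continue
        m = IE_URL_RE.match(line)
        if m:
            findings.append({"kind": "ie_setting", "target": m.group(1),
                             "section": section, "value": m.group(2)})
    return findings


def is_browser_hijack(finding):
    """True when the finding alters search, homepage, tab page or loads into IE."""
    haystack = (finding["target"] + " " + (finding["value"] or "")).lower()
    return any(marker in haystack for marker in HIJACK_MARKERS)


def refang(url):
    """AdwCleaner defangs URLs as hxxp://; restore the scheme for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def redirect_hosts(findings):
    """Sorted hostnames the hijacked settings point at."""
    hosts = set()
    for f in findings:
        value = f["value"] or ""
        if value.lower().startswith("hxxp"):
            hosts.add(urlsplit(refang(value)).hostname)
    return sorted(hosts)


def triage(findings):
    """Summarise a parsed log: counts per kind, hijack entries, redirect hosts."""
    kinds = sorted({f["kind"] for f in findings})
    return {
        "total": len(findings),
        "by_kind": {k: sum(1 for f in findings if f["kind"] == k) for k in kinds},
        "browser_hijacks": [f["target"] for f in findings if is_browser_hijack(f)],
        "redirect_hosts": redirect_hosts(findings),
    }


if __name__ == "__main__":
    summary = triage(parse_adwcleaner(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Running this over the [Search] log before choosing [Delete] shows which entries change the browser's behaviour rather than merely litter the disk, and the resulting host list (here search.babylon.com and www.searchnu.com) is what to look for in proxy or DNS logs if other machines on the same network might carry the same adware.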
 



#6 hamburgerin (Topic Starter, Members, 15 posts)
Posted 05 May 2013 - 10:44 AM

Below is the log from the RogueKiller scan.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kerstin-two [Admin rights]
Mode : Scan -- Date : 05/05/2013 11:41:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 5fe7ef393c15df3b82deebd5aae47a82
[BSP] d60a640d57d63151926eb4e894648f2c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 938767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[10]_S_05052013_02d1141.txt >>
RKreport[10]_S_05052013_02d1141.txt ; RKreport[1]_S_05032013_02d2250.txt ; RKreport[2]_D_05032013_02d2253.txt ; RKreport[3]_D_05032013_02d2254.txt ; RKreport[4]_S_05032013_02d2255.txt ;
RKreport[5]_H_05032013_02d2255.txt ; RKreport[6]_PR_05032013_02d2255.txt ; RKreport[7]_SC_05032013_02d2300.txt ; RKreport[8]_PR_05032013_02d2302.txt ; RKreport[9]_S_05052013_02d1138.txt


 



#7 nasdaq (Malware Response Team, 39,557 posts, Location: Montreal, QC. Canada)
Posted 05 May 2013 - 10:52 AM


Please run the RogueKiller tool again, this time using the Delete option.
Restart the computer normally.

Post a fresh RogueKiller log.

===

Your DDS log was truncated and is not complete.

Please run the program again and post a fresh log for my review.

Let me know what problem persists.

#8 hamburgerin (Topic Starter, Members, 15 posts)
Posted 05 May 2013 - 11:11 AM

RogueKiller scan after deletion of detected items. Am I to do anything under the other tabs of this application?

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kerstin-two [Admin rights]
Mode : Remove -- Date : 05/05/2013 12:07:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 5fe7ef393c15df3b82deebd5aae47a82
[BSP] d60a640d57d63151926eb4e894648f2c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 938767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[12]_D_05052013_02d1207.txt >>
RKreport[10]_S_05052013_02d1141.txt ; RKreport[11]_S_05052013_02d1206.txt ; RKreport[12]_D_05052013_02d1207.txt ; RKreport[1]_S_05032013_02d2250.txt ; RKreport[2]_D_05032013_02d2253.txt ;
RKreport[3]_D_05032013_02d2254.txt ; RKreport[4]_S_05032013_02d2255.txt ; RKreport[5]_H_05032013_02d2255.txt ; RKreport[6]_PR_05032013_02d2255.txt ; RKreport[7]_SC_05032013_02d2300.txt ;
RKreport[8]_PR_05032013_02d2302.txt ; RKreport[9]_S_05052013_02d1138.txt
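The RogueKiller scan report in post #6 and the remove report in post #8 differ only in the action column and the values written back, and the helper's request for a fresh log after the Delete run is really a request to confirm three things: every entry the scan found was fixed, it was fixed to a sane value, and the remove pass did not touch the boot sector. The following Python is an added example, not part of the thread and not RogueKiller's own code. It parses both reports, checks that each FOUND entry was REPLACED or DELETED with the value a clean Windows 7 system carries (WarnOnHTTPSToHTTPRedirect back to 1, so Internet Explorer warns when an HTTPS page redirects to plain HTTP; the HideDesktopIcons NewStartPanel entries back to 0, so the hidden Computer and user-files desktop icons are shown again), and confirms that the MBR hash, boot-code hash and partition table are identical across the two runs. The report line formats are assumptions taken from the two posted reports; SCAN_REPORT and REMOVE_REPORT are constructed excerpts that mirror them.

```python
"""Compare a RogueKiller scan report with the remove report that followed it.

Added example, not part of the thread and not RogueKiller's own code. It
assumes the v8.5 report layout seen in the posts: registry findings as
"[TAG] key : name (value) -> ACTION (newvalue)", an "[MBR] <hash>" line, a
"[BSP] <hash> : <description>" line and a "Partition table:" listing.
SCAN_REPORT and REMOVE_REPORT are constructed excerpts in that layout.
"""
import re

ENTRY_RE = re.compile(
    r"^\[([A-Z ]+)\] (.+?) : (.+?) \(([^)]*)\) -> ([A-Z]+)(?: \(([^)]*)\))?\s*$")
MBR_RE = re.compile(r"^\[MBR\] ([0-9a-f]{32})\s*$")
BSP_RE = re.compile(r"^\[BSP\] ([0-9a-f]{32}) : (.+?)\s*$")
PART_RE = re.compile(
    r"^(\d+) - \[(\w+)\] (.+?) \(0x([0-9a-f]{2})\) \[(\w+)\] "
    r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo\s*$")

# Constructed excerpts mirroring RKreport[10]_S and RKreport[12]_D above.
MBR_BLOCK = r"""¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
[MBR] 5fe7ef393c15df3b82deebd5aae47a82
[BSP] d60a640d57d63151926eb4e894648f2c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 938767 Mo
"""

SCAN_REPORT = r"""Mode : Scan -- Date : 05/05/2013 11:41:11
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
""" + MBR_BLOCK

REMOVE_REPORT = r"""Mode : Remove -- Date : 05/05/2013 12:07:16
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
""" + MBR_BLOCK


def parse_rk_report(text):
    """Return the registry findings, MBR hashes and partition table of one report."""
    report = {"entries": [], "mbr": None, "bsp": None, "partitions": []}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            tag, key, name, value, action, new_value = m.groups()
            report["entries"].append({"tag": tag, "key": key, "name": name,
                                      "value": value, "action": action,
                                      "new_value": new_value})
            continue
        m = MBR_RE.match(line)
        if m:
            report["mbr"] = m.group(1)
            continue
        m = BSP_RE.match(line)
        if m:
            report["bsp"] = (m.group(1), m.group(2))
            continue
        m = PART_RE.match(line)
        if m:
            idx, flag, fs, ptype, vis, offset, size = m.groups()
            report["partitions"].append({
                "index": int(idx), "flag": flag, "fs": fs, "type": int(ptype, 16),
                "visible": vis == "VISIBLE", "offset_sectors": int(offset),
                "size_mb": int(size)})
    return report


def expected_value(entry):
    """Value a clean Windows 7 system carries for the hijacks reported here
    (assumed for this example; extend it for other [HJ] entries)."""
    if entry["name"] == "WarnOnHTTPSToHTTPRedirect":
        return "1"   # 1 = IE warns when an HTTPS page redirects to plain HTTP
    if entry["key"].endswith("NewStartPanel"):
        return "0"   # HideDesktopIcons: 0 = icon shown, 1 = hidden
    return None


def compare_reports(scan, remove):
    """Check that everything the scan found was fixed with the expected value and
    that the remove pass did not touch the boot sector or partition table."""
    found = {(e["key"], e["name"]) for e in scan["entries"] if e["action"] == "FOUND"}
    fixed = {(e["key"], e["name"]): e for e in remove["entries"]
             if e["action"] in ("REPLACED", "DELETED")}
    wrong_value = sorted(k for k, e in fixed.items()
                         if expected_value(e) is not None
                         and e["new_value"] != expected_value(e))
    return {
        "remediated": sorted(k for k in found if k in fixed),
        "unresolved": sorted(k for k in found if k not in fixed),
        "wrong_value": wrong_value,
        "mbr_unchanged": (scan["mbr"], scan["bsp"]) == (remove["mbr"], remove["bsp"]),
        "partitions_unchanged": scan["partitions"] == remove["partitions"],
    }


if __name__ == "__main__":
    result = compare_reports(parse_rk_report(SCAN_REPORT), parse_rk_report(REMOVE_REPORT))
    for key, value in result.items():
        print(f"{key}: {value}")
```

The MBR comparison is the part worth keeping even when the registry findings are trivial: a bootkit that survives a remove pass shows up as a changed [MBR] or [BSP] hash between consecutive reports, whereas a legitimate Windows 7/8 MBR keeps the same hash from run to run.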


 



#9 hamburgerin (Topic Starter, Members, 15 posts)
Posted 05 May 2013 - 11:14 AM

Here is the rerun of DDS.scr.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.7.2
Run by Kerstin-two at 12:10:17 on 2013-05-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6052.3926 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Kerstin-two\AppData\Roaming\Mozilla\Firefox\Profiles\znc77wmq.default-1349533831862\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.31.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Kerstin-two\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\KERSTI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
TCP: NameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{2B3C7195-2EAD-4F40-9295-7F5FC0E7277B} : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{2B3C7195-2EAD-4F40-9295-7F5FC0E7277B}\0544644523 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Kerstin-two\AppData\Roaming\Mozilla\Firefox\Profiles\znc77wmq.default-1349533831862\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.31.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kerstin-two\AppData\Roaming\Mozilla\Firefox\Profiles\znc77wmq.default-1349533831862\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kerstin-two\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-05 21:15; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; C:\Users\Kerstin-two\AppData\Roaming\Mozilla\Firefox\Profiles\znc77wmq.default-1349533831862\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-3-29 55856]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-29 89600]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-5-20 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-5-20 80032]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-29 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-6 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-6 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-29 1692480]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-29 2656280]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-5-20 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-5-20 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-5-20 29344]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-5-20 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-5-20 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-5-20 154272]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-5-20 282272]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-3-29 176096]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-3-29 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-10-6 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-8-2 173056]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-3-29 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-9-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-05 14:53:33    972264    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8CDE4913-5689-A21C-A88B-EC384CE9420C}\GapaEngine.dll
2013-05-05 12:21:03    9317456    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D8C3095-177D-4991-9854-946E580A61C3}\mpengine.dll
2013-05-05 02:17:31    9317456    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-04 02:14:17    --------    d-----w-    C:\Users\Kerstin-two\AppData\Roaming\SUPERAntiSpyware.com
2013-05-04 02:14:12    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-04-28 00:38:49    --------    d-----w-    C:\Users\Kerstin-two\AppData\Roaming\Roxio Burn
2013-04-28 00:21:30    --------    d-----w-    C:\Users\Kerstin-two\AppData\Roaming\Macrovision
2013-04-26 02:02:55    --------    d-----w-    C:\Users\Kerstin-two\AppData\Local\Programs
2013-04-24 14:53:46    --------    d-----w-    C:\windows\System32\%LOCALAPPDATA%
2013-04-24 12:59:47    1656680    ----a-w-    C:\windows\System32\drivers\ntfs.sys
2013-04-24 01:18:12    905296    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1DA327E7-4938-4AD6-A52D-4B91CA663584}\gapaengine.dll
2013-04-20 01:31:01    --------    d-----w-    C:\Users\Kerstin-two\AppData\Local\{7A9161DE-0763-4303-AC90-521F69B2EB6B}
2013-04-17 02:54:33    --------    d-----w-    C:\Users\Kerstin-two\AppData\Local\{68D4DA36-7924-46BD-89BA-9BD133605D59}
2013-04-10 12:31:14    3153408    ----a-w-    C:\windows\System32\win32k.sys
2013-04-10 12:31:10    3717632    ----a-w-    C:\windows\System32\mstscax.dll
2013-04-10 12:31:10    3217408    ----a-w-    C:\windows\SysWow64\mstscax.dll
2013-04-10 12:31:09    44032    ----a-w-    C:\windows\System32\tsgqec.dll
2013-04-10 12:31:09    36864    ----a-w-    C:\windows\SysWow64\tsgqec.dll
2013-04-10 12:31:09    158720    ----a-w-    C:\windows\System32\aaclient.dll
2013-04-10 12:31:09    131584    ----a-w-    C:\windows\SysWow64\aaclient.dll
2013-04-10 12:30:53    223752    ----a-w-    C:\windows\System32\drivers\fvevol.sys
2013-04-10 12:30:52    5550424    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-04-10 12:30:52    3913560    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-04-10 12:30:51    6656    ----a-w-    C:\windows\SysWow64\apisetschema.dll
2013-04-10 12:30:51    43520    ----a-w-    C:\windows\System32\csrsrv.dll
2013-04-10 12:30:51    3968856    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 12:30:51    112640    ----a-w-    C:\windows\System32\smss.exe
2013-04-07 12:30:45    --------    d-----w-    C:\Users\Kerstin-two\AppData\Local\CrashDumps
2013-04-07 01:53:22    737072    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-04-07 01:52:36    539984    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-04-06 01:28:20    --------    d-----w-    C:\Users\Kerstin-two\AppData\Roaming\FireShot
.
==================== Find3M  ====================
.
2013-05-02 15:29:56    278800    ------w-    C:\windows\System32\MpSigStub.exe
2013-04-04 18:50:32    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-03-13 08:48:52    73432    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 08:48:52    693976    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-02-21 10:30:16    1766912    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-02-21 10:29:39    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-02-21 10:29:37    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-02-21 10:29:37    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07    2240512    ----a-w-    C:\windows\System32\wininet.dll
2013-02-21 10:14:09    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-02-21 10:14:05    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-02-21 10:14:05    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-02-19 12:01:03    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-02-19 11:10:53    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24    135168    ----a-w-    C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\windows\apppatch\AcGenral.dll
2013-02-12 04:12:05    19968    ----a-w-    C:\windows\System32\drivers\usb8023.sys
.
============= FINISH: 12:10:39.05 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/6/2012 6:27:23 PM
System Uptime: 5/5/2013 10:52:05 AM (2 hours ago)
.
Motherboard: Dell Inc. |  | 01HXXJ
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 857.265 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP99: 5/1/2013 7:51:39 PM - Scheduled Checkpoint
RP100: 5/3/2013 10:30:43 PM - Windows Update
RP101: 5/4/2013 10:14:16 PM - Restore Operation
RP102: 5/5/2013 8:20:28 AM - Windows Update
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6) MUI
Advanced Audio FX Engine
Banctec Service Agreement
Bing Bar
Blio
Bluetooth Win7 Suite (64)
Canon MX340 series MP Drivers
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell Stage Remote
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
Dell WLAN and Bluetooth Client Installation
DirectX 9 Runtime
Dropbox
Facebook Video Calling 1.2.0.287
GIMP 2.8.2
Google Earth Plug-in
Google Update Helper
High-Definition Video Playback
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
Java™ 7 Update 1 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Notepad++
OpenOffice.org 3.4.1
PhotoShowExpress
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Premium Service Agreement
QualxServ Service Agreement
Quickset64
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.3
Sonic CinePlayer Decoder Pack
Stickies 7.1d
SyncUP
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
5/5/2013 8:10:00 AM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
5/5/2013 10:54:52 AM, Error: Service Control Manager [7034]  - The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
5/5/2013 10:54:25 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/5/2013 10:53:46 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
5/4/2013 8:22:05 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR4.
5/4/2013 10:17:31 PM, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.      Signatures Attempted: Current      Error Code: 0x80070002      Error description: The system cannot find the file specified.       Signature version: 0.0.0.0;0.0.0.0      Engine version: 0.0.0.0
5/1/2013 7:51:38 PM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
5/1/2013 7:51:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
5/1/2013 7:51:17 PM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/1/2013 7:51:17 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
5/1/2013 7:08:48 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
5/1/2013 6:06:04 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
4/30/2013 9:22:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/30/2013 9:22:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ehSched with arguments "-Service" in order to run the server: {33D8C85A-B8C1-4828-B51A-4F3349AD5F9E}
4/30/2013 9:22:36 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/30/2013 9:22:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/30/2013 8:58:27 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.149.806.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9402.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
4/30/2013 8:58:27 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.149.806.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9402.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
4/30/2013 8:58:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/30/2013 8:49:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/30/2013 7:19:29 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
4/29/2013 9:26:47 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer GREG-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2B3C7195-2EAD-4F40-9295-7F5FC0E7277B}. The master browser is stopping or an election is being forced.
4/29/2013 8:50:26 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
4/29/2013 8:49:00 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
4/29/2013 8:48:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/29/2013 8:48:26 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Wanarpv6
4/29/2013 8:45:37 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291]  - SAM failed to start the TCP/IP or SPX/IPX listening thread
4/28/2013 5:32:58 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/28/2013 5:32:58 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
4/28/2013 5:30:22 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
.
==== End Of File ===========================
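Added example, not part of the post above or of DDS itself: the triage a responder would run over the "Event Viewer Messages" section before anything else, pulling out the events that say a protection component stopped working (the Windows Firewall service exiting with "Access is denied", the MpFilter antimalware driver failing to load at boot, the Microsoft Antimalware signature update and load errors). The rule set and the list of protection drivers are the author's own choices; the sample lines are copied from the log above. Note that the 4/30 entries coincide with a Safe Mode boot, as their own text says, so the output is a list of leads to check, not a verdict.

```python
"""Triage the "Event Viewer Messages" section of a DDS log for failures of
Windows protection components (firewall, antimalware engine, signature
updates, the AV minifilter).  Added example for this thread; the rules are
the author's own heuristic, not something DDS or Microsoft ship."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One DDS event line:
#   <m/d/yyyy h:mm:ss AM>, <Level>: <Source> [<EventID>]  - <message>
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\]\s+- (?P<msg>.*)$"
)

# Drivers that belong to the protection stack on this machine; names are
# taken from the SERVICES / DRIVERS section of the log above.
PROTECTION_DRIVERS = {"MpFilter", "NisDrv", "MBAMProtector"}


@dataclass
class Event:
    ts: str
    level: str
    source: str
    event_id: int
    message: str


@dataclass
class Finding:
    ts: str
    component: str
    event_id: int
    reason: str


def parse_event(line: str) -> Optional[Event]:
    """Parse one DDS event line; returns None for headers, blanks and noise."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return Event(m["ts"], m["level"], m["source"], int(m["eid"]), m["msg"])


def classify(ev: Event) -> Optional[Finding]:
    """Return a Finding when the event signals a protection component failing."""
    src, eid, msg = ev.source, ev.event_id, ev.message
    if src == "Service Control Manager" and eid == 7024 and "Windows Firewall" in msg:
        # 7024: service-specific exit; DDS leaves the error text after "error "
        detail = msg.split("error ", 1)[-1].strip(". ")
        return Finding(ev.ts, "Windows Firewall", eid, "service terminated: " + detail)
    if src == "Service Control Manager" and eid == 7026:
        # 7026: the message ends with a space-separated list of drivers that failed
        failed = set(msg.rsplit(":", 1)[-1].split())
        hit = sorted(failed & PROTECTION_DRIVERS)
        if hit:
            return Finding(ev.ts, "boot-start driver", eid, "failed to load: " + ", ".join(hit))
    if src == "Microsoft Antimalware" and eid in (2001, 2004):
        code = re.search(r"Error code: (0x[0-9A-Fa-f]+)", msg, re.IGNORECASE)
        what = "signature update failed" if eid == 2001 else "signature load failed"
        if code:
            what += f" ({code.group(1)})"
        return Finding(ev.ts, "Microsoft Antimalware", eid, what)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every line through the parser and keep only protection-stack findings."""
    findings: List[Finding] = []
    for line in lines:
        ev = parse_event(line)
        if ev is not None and ev.level == "Error":
            f = classify(ev)
            if f is not None:
                findings.append(f)
    return findings


# Sample input: five lines copied from the "Event Viewer Messages" section above
# (the Dell Digital Delivery line is included to show an event that is ignored).
SAMPLE_LOG = [
    "5/5/2013 8:10:00 AM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..",
    "5/5/2013 10:54:52 AM, Error: Service Control Manager [7034]  - The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).",
    "5/4/2013 10:17:31 PM, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.      Signatures Attempted: Current      Error Code: 0x80070002      Error description: The system cannot find the file specified.       Signature version: 0.0.0.0;0.0.0.0      Engine version: 0.0.0.0",
    "4/30/2013 8:58:27 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.149.806.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9402.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode",
    "4/29/2013 8:48:26 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Wanarpv6",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.ts}  [{f.event_id}] {f.component}: {f.reason}")
```

Run as-is it prints four findings and silently drops the Dell service crash. To use it on a full DDS log, feed it the lines between the "Event Viewer Messages" header and "End Of File"; anything the regex does not recognise is ignored rather than raising.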
 



#10 nasdaq
  • Malware Response Team
  • 39,557 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 May 2013 - 12:47 PM

Please let me know what problem persists.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 7

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

#11 hamburgerin
  • Topic Starter
  • Members
  • 15 posts
  • Gender:Female

Posted 05 May 2013 - 02:14 PM

Hello Nasdaq.

I read your referenced articles and followed your instructions to update my Java from update 7 to 21. I uninstalled the older version, which did not show up in my add/remove programs until I had installed the latest version. Then I disabled Java for all browsers. I also updated the Adobe Flash player and Reader to 11.

 

The Action Center message relating to the virus no longer shows up. Does that mean the backdoor trojan is gone? Is there anything else I should do?

 

Thanks



#12 hamburgerin
  • Topic Starter
  • Members
  • 15 posts
  • Gender:Female

Posted 05 May 2013 - 07:30 PM

Hello,

Rereading your last message, I should have mentioned an issue that has not been resolved. Malwarebytes scan is still flagging 2 objects that probably should be removed. But mbam gets stopped when scanning the 2nd object:

c:\windows\assembly\GAC_MISL\ehCIR\6.1.0.0_31bf3856ad364e35\ehCIR.dll

When the scan gets to that point, the computer slows to a crawl. To get back to normal operations I end up shutting it down by pressing the power button.



#13 nasdaq
  • Malware Response Team
  • 39,557 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 May 2013 - 07:13 AM

Rereading your last message, I should have mentioned an issue that has not been resolved. Malwarebytes scan is still flagging 2 objects that probably should be removed. But mbam gets stopped when scanning the 2nd object:
c:\windows\assembly\GAC_MISL\ehCIR\6.1.0.0_31bf3856ad364e35\ehCIR.dll


This file is required by the operating system.

http://www.faultwire.com/file_report/ehcir.dll.html

more here: http://dll-repair.com/ehcir-dll/
===

Let's have a look at that file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    ehCIR.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#14 hamburgerin
  • Topic Starter
  • Members
  • 15 posts
  • Gender:Female

Posted 06 May 2013 - 09:55 AM

Hello Nasdaq,

I am at work today, so my time is more limited. I brought my computer and ran the SystemLook.exe program. Below is the log.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:51 on 06/05/2013 by Kerstin-two
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "ehCIR.dll"
C:\Windows\assembly\GAC_MSIL\ehCIR\6.1.0.0__31bf3856ad364e35\ehCIR.dll    --a---- 94208 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] 3AC3967EB34A432332FF4E2D971397E8
C:\Windows\ehome\ehCIR.dll    --a---- 94208 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] 3AC3967EB34A432332FF4E2D971397E8
C:\Windows\winsxs\msil_ehcir_31bf3856ad364e35_6.1.7601.17514_none_e28a10782a08d2e0\ehCIR.dll    --a---- 94208 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] 3AC3967EB34A432332FF4E2D971397E8

-= EOF =-



#15 nasdaq
  • Malware Response Team
  • 39,557 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 May 2013 - 10:56 AM


The files are all the same version.

Run this online scan.
If nothing is found and you wish to check why this is stopped by Malwarebytes, I suggest you take this matter up with them. They may be interested in knowing this also.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push the esetFinish.png button.
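The "same version" conclusion above rests on the three copies of ehCIR.dll sharing one size and one MD5, with the WinSxS component-store copy acting as the reference. As an added example, not SystemLook's code or the helper's own procedure, here is a parser for that filefind output that groups the copies by hash, reports any copy that disagrees with the majority, and re-hashes the files on the machine where the log was produced. The sample text is the SystemLook log posted above; MD5 is used only because that is what SystemLook prints. On the Windows host itself one would also confirm the file is catalog-signed (for example with sfc /verifyfile=<path>), which this script does not attempt.

```python
"""Check that the copies of a file reported by a SystemLook ':filefind' run are
identical, and re-hash them on disk where they exist.  Added example for this
thread, not part of SystemLook; the parser is written against the log format
shown above and MD5 is used only because that is what SystemLook reports."""
import hashlib
import os
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# One filefind result line:
#   <path>    <attrs> <size> bytes    [<modified>]    [<created>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S.*?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Copy:
    path: str
    size: int
    md5: str


def parse_filefind(text: str) -> List[Copy]:
    """Extract (path, size, md5) from every result line; headers and EOF are skipped."""
    copies = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            copies.append(Copy(m["path"], int(m["size"]), m["md5"].upper()))
    return copies


def group_by_hash(copies: List[Copy]) -> Dict[str, List[str]]:
    """Map each distinct MD5 to the paths that carry it."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for c in copies:
        groups[c.md5].append(c.path)
    return dict(groups)


def outliers(copies: List[Copy]) -> List[str]:
    """Paths whose (md5, size) differ from the most common pair.  A patched or
    infected copy in the GAC or ehome directory would show up here while the
    WinSxS component-store copy keeps the reference hash."""
    if not copies:
        return []
    common = Counter((c.md5, c.size) for c in copies).most_common(1)[0][0]
    return [c.path for c in copies if (c.md5, c.size) != common]


def md5_on_disk(path: str) -> Optional[str]:
    """Re-hash a copy on the live system; None when the path does not exist
    (for example when the log is analysed on another machine)."""
    if not os.path.isfile(path):
        return None
    h = hashlib.md5(usedforsecurity=False)  # matching the log, not an integrity proof
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def verify_live(copies: List[Copy]) -> Dict[str, Optional[bool]]:
    """True when the on-disk hash still equals the logged one, False when it
    changed since SystemLook ran, None when the file is not present here."""
    result: Dict[str, Optional[bool]] = {}
    for c in copies:
        live = md5_on_disk(c.path)
        result[c.path] = None if live is None else live == c.md5
    return result


# Sample input: the three result lines from the SystemLook log posted above.
SAMPLE_SYSTEMLOOK = r"""
========== filefind ==========

Searching for "ehCIR.dll"
C:\Windows\assembly\GAC_MSIL\ehCIR\6.1.0.0__31bf3856ad364e35\ehCIR.dll    --a---- 94208 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] 3AC3967EB34A432332FF4E2D971397E8
C:\Windows\ehome\ehCIR.dll    --a---- 94208 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] 3AC3967EB34A432332FF4E2D971397E8
C:\Windows\winsxs\msil_ehcir_31bf3856ad364e35_6.1.7601.17514_none_e28a10782a08d2e0\ehCIR.dll    --a---- 94208 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] 3AC3967EB34A432332FF4E2D971397E8

-= EOF =-
"""

if __name__ == "__main__":
    found = parse_filefind(SAMPLE_SYSTEMLOOK)
    for md5, paths in group_by_hash(found).items():
        print(md5, len(paths), "copies")
    print("outliers:", outliers(found) or "none")
    print("live check:", verify_live(found))
```

On the sample it reports one hash with three copies and no outliers; verify_live returns None for every path unless it is run on the Windows machine that produced the log, where a False for any copy would mean the file changed after SystemLook ran.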




