Internet Security Preventing any Programs from running


  • This topic is locked
4 replies to this topic

#1 droesbeck

droesbeck

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 11 June 2013 - 05:23 AM

Thanks for any support you can offer me. 

 

I have attempted to follow the instructions in BleepingComputer to remove the Internet Security preventing me from opening any programs.  The problem still exists.  I ran the TDSSKILLER program and it still persists.  I do have malware installed and the RKill program.  However the Internet Security program keeps popping up indicating the computer is infected and will not allow any programs to operate.

 

 

DOWNLOAD of DDS TXT

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Troy at 7:04:08 on 2013-06-11
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3196716
uSearch Page = hxxp://www.google.com
uProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWis2.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\program files\bearshare applications\mediabar\toolbar\BearshareMediabarDx.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\5.2.1.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\5.2.1.3\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\bearshare applications\mediabar\datamngr\IEBHO.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\troy\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files\dealply\DealPlyIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWis2.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\5.2.1.3\coieplg.dll
TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - c:\program files\wiseconvert\prxtbWis2.dll
TB: Nikken International BenefitBar: {E19E589B-749F-4641-9ED3-032DEB7A8D92} - c:\program files\benefitbarie\benefitbar.dll
TB: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\program files\bearshare applications\mediabar\toolbar\BearshareMediabarDx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\5.2.1.3\coieplg.dll
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWis2.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Facebook Update] "c:\documents and settings\troy\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Updater21802.exe] c:\documents and settings\troy\local settings\application data\updater21802\Updater21802.exe /extensionid=21802 /extensionname='Shopping Sidekick Plugin' /chromeid=dlopielgodpjhkbapdlbbicpiefpaack /stayidle /delay=300
uRun: [Internet Security] c:\documents and settings\all users\application data\ihdefender.exe
mRun: [SupportPortal] iexplore.exe file://C:/Program Files/Common Files/Motive/ClientSyncLoader.htm?http;nsprdnacw-vip.aliant.net:80/lwp/rebootHandler.do;rebootOccured=true
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
StartupFolder: c:\docume~1\troy\startm~1\programs\startup\jacqui~1.lnk - c:\program files\jacquie lawson london advent calendar\Jacquie Lawson London Advent Calendar.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116856221468
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nikkenwellness.webex.com/client/T26L/webex/ieatgpc.cab
TCP: NameServer = 192.168.2.1 142.177.2.130
TCP: Interfaces\{A66A2CD8-328D-49BF-BED4-C70E7F47DB86} : DHCPNameServer = 192.168.2.1 142.177.2.130
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
AppInit_DLLs= c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\troy\application data\mozilla\firefox\profiles\t0oh0pdi.default\
FF - prefs.js: browser.search.selectedEngine - VisualBee V.1 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.tsn.ca
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&octid=CT3268494&CUI=UN11086513265784204&SearchSource=2&q=
FF - plugin: c:\documents and settings\troy\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\troy\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: !HIDDEN! 2010-01-04 20:16; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 64e8dada-0f94-4cf7-800e-2354515bb49c
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2013-06-11 00:45:02    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-06-10 23:12:41    845824    ----a-w-    c:\documents and settings\all users\application data\ihdefender.exe
2013-06-04 07:21:17    1409    ----a-w-    c:\windows\QTFont.for
.
==================== Find3M  ====================
.
2013-06-11 00:47:25    75264    ----a-w-    c:\windows\system32\drivers\ipsec.sys
2013-05-13 22:43:07    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-13 22:43:06    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-30 04:28:50    102448    ----a-w-    c:\windows\system32\drivers\RapportKELL.sys
2013-04-04 17:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
============= FINISH:  7:05:30.85 ===============
 

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:10 PM

Posted 11 June 2013 - 08:05 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 droesbeck

droesbeck
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 11 June 2013 - 06:07 PM

Marius.  Thank you for your support.

 

The following are the two (2) text files you requested.  Note, prior to receiving your e-mail correspondence I used Norton 360 to run a scan that found a few items and fixed them.  Let me know if this is a problem.

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-06-2013
Ran by Troy (administrator) on 11-06-2013 19:54:43
Running from C:\Documents and Settings\Troy\My Documents\Downloads
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SupportPortal] iexplore.exe file://C:/Program Files/Common Files/Motive/ClientSyncLoader.htm?http;nsprdnacw-vip.aliant.net:80/lwp/rebootHandler.do;rebootOccured=true [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [x]
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [x]
HKLM\...\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [x]
HKLM\...\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\runonceex: []  [x]
HKCU\...\Run: [Facebook Update] "C:\Documents and Settings\Troy\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [Updater21802.exe] C:\Documents and Settings\Troy\Local Settings\Application Data\Updater21802\Updater21802.exe /extensionid=21802 /extensionname='Shopping Sidekick Plugin' /chromeid=dlopielgodpjhkbapdlbbicpiefpaack /stayidle /delay=300 [206336 2013-01-06] (FileProperties_CompanyName)
HKCU\...\Run: [Internet Security] C:\Documents and Settings\All Users\Application Data\ihdefender.exe [845824 2013-06-10] (I.R.I.S. (Image Recognition Integrated Systems))
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-1145529519-2986990225-269041240-1006\$800fc00ab116e1ebe5712fb079b963c8\n. ATTENTION! ====> ZeroAccess
MountPoints2: {89b6a836-4f9a-11dd-a215-0013200f6ed4} - G:\LaunchU3.exe -a
HKU\Catherine\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\Troy\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk
ShortcutTarget: Jacquie Lawson London Advent Calendar.lnk -> C:\Program Files\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3196716
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?lang=en-ca
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
URLSearchHook: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis2.dll (Conduit Ltd.)
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
HKCU SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3268494&CUI=UN38533786831359836
SearchScopes: HKCU - {6FE86C93-8BC6-44B8-81C9-CC3CFBA4F647} URL = http://www.mysearchresults.com/search?&c=4001&t=10&q={searchTerms}
SearchScopes: HKCU - {8E02D41C-5924-4816-9490-33CCD28BEB72} URL = http://search.yahoo.com/search?ei=ISO-8859-1&fr=vmn&type=egames&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3268494&CUI=UN38533786831359836
SearchScopes: HKCU - {BenefitBar} URL = http://search.benefitbar.com/benefitbar/search/www.php?tid=875&sch={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Troy\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
BHO: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis2.dll (Conduit Ltd.)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Nikken International BenefitBar - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
Toolbar: HKLM - MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWis2.dll (Conduit Ltd.)
Toolbar: HKCU -No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU -No Name - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} -  No File
Toolbar: HKCU -WiseConvert Toolbar - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files\WiseConvert\prxtbWis2.dll (Conduit Ltd.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116856221468
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nikkenwellness.webex.com/client/T26L/webex/ieatgpc.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 02 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 03 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 04 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 05 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 06 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 07 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 08 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 09 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 10 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 11 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 12 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 13 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 14 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 15 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 16 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 17 mswsock.dll [121704] (Apple Inc.)

Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.177.2.130

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\t0oh0pdi.default
FF SearchEngine: VisualBee V.1 Customized Web Search
FF Homepage: hxxp://www.tsn.ca
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&octid=CT3268494&CUI=UN11086513265784204&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2105 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2163 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1212 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\t0oh0pdi.default\Extensions\trash

Chrome:
=======
CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN16077741284734223&ctid=CT3268494
CHR DefaultSuggestURL: (Conduit) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Troy\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Unity Player) - C:\Documents and Settings\Troy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (DealPly) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0
CHR Extension: (Wajam) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0
CHR Extension: (DefaultTab) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.14_0
CHR Extension: (Yontoo) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0
CHR Extension: (VisualBee V.1) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh\10.14.40.128_0

========================== Services (Whitelisted) =================

S2 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [389120 2004-08-25] ()
S2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [572928 2013-02-11] ()
S2 DefaultTabUpdate; C:\Documents and Settings\Troy\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-01-30] ()
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S2 FileOpenManagerSvc; C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe [212352 2011-03-09] (FileOpen Systems Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 N360; C:\Program Files\Norton 360\Engine\5.2.1.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)
S2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26144 2009-01-07] (Microsoft Corporation)
S2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S2 6to4; C:\WINDOWS\system32\6to4v32.dll [x]
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [787456 2004-08-25] (ATI Technologies Inc.)
S1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [820856 2012-03-17] (Symantec Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20704 2010-11-09] (Logitech Inc.)
S2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-04-08] (Symantec Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
R3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120406.002\IDSxpx86.sys [356280 2012-04-06] (Symantec Corporation)
S3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation)
S3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation)
S3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120407.016\NAVENG.SYS [86136 2012-04-08] (Symantec Corporation)
S3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120407.016\NAVEX15.SYS [1576312 2012-04-08] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S1 RapportCerberus_51755; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_51755.sys [317112 2013-03-24] ()
S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [103120 2013-04-30] (Trusteer Ltd.)
S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [174320 2013-04-30] (Trusteer Ltd.)
S3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\0502010.003\SRTSP.SYS [516216 2011-03-31] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\0502010.003\SRTSPX.SYS [50168 2011-03-31] (Symantec Corporation)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0502010.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0502010.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [126584 2011-08-12] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\0502010.003\Ironx86.SYS [136312 2010-11-15] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\N360\0502010.003\SYMTDI.SYS [369784 2011-04-20] (Symantec Corporation)
S2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
S2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
S2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
S2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
S2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
S2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
S2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
S2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
S2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S3 bvrp_pci; No ImagePath
S1 Changer; No ImagePath
S1 lbrtfdc; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-11 19:54 - 2013-06-11 19:54 - 00000000 ____D C:\FRST
2013-06-11 07:05 - 2013-06-11 07:09 - 00011545 ____A C:\Documents and Settings\Troy\Desktop\dds.txt
2013-06-11 07:05 - 2013-06-11 07:09 - 00005673 ____A C:\Documents and Settings\Troy\Desktop\attach.txt
2013-06-11 06:23 - 2013-06-11 06:31 - 00000944 ____A C:\Documents and Settings\Troy\Desktop\Rkill.txt
2013-06-10 22:02 - 2013-06-10 22:02 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-10 21:45 - 2013-06-10 21:45 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-10 20:12 - 2013-06-10 20:12 - 00845824 ____A (I.R.I.S. (Image Recognition Integrated Systems)) C:\Documents and Settings\All Users\Application Data\ihdefender.exe
2013-06-10 20:12 - 2013-06-10 20:12 - 00000807 ____A C:\Documents and Settings\All Users\Desktop\Internet Security Pro.lnk
2013-06-04 04:21 - 2013-06-04 04:21 - 00054156 ___AH C:\Windows\QTFont.qfn
2013-06-04 04:21 - 2013-06-04 04:21 - 00001409 ____A C:\Windows\QTFont.for
2013-06-03 01:11 - 2013-06-10 21:43 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-05-23 21:46 - 2013-05-23 21:46 - 00006144 __ASH C:\Thumbs.db
2013-05-13 19:38 - 2013-05-13 19:38 - 00001734 ____A C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

==================== One Month Modified Files and Folders ========

2013-06-11 19:54 - 2013-06-11 19:54 - 00000000 ____D C:\FRST
2013-06-11 18:50 - 2005-04-28 23:59 - 00013646 ____A C:\Windows\System32\WPA.DBL
2013-06-11 18:49 - 2005-05-04 20:18 - 00000062 __ASH C:\Documents and Settings\Troy\Local Settings\DESKTOP.INI
2013-06-11 18:48 - 2005-04-28 23:58 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\DESKTOP.INI
2013-06-11 18:48 - 2005-04-28 23:58 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\DESKTOP.INI
2013-06-11 18:38 - 2005-04-29 00:02 - 01830414 ____A C:\Windows\WindowsUpdate.log
2013-06-11 18:31 - 2004-08-10 14:59 - 00000157 ____A C:\Windows\WIADEBUG.LOG
2013-06-11 18:31 - 2004-08-10 14:59 - 00000049 ____A C:\Windows\WIASERVC.LOG
2013-06-11 18:30 - 2011-02-19 12:31 - 00000000 ____D C:\Windows\System32\logishrd
2013-06-11 18:12 - 2005-05-04 20:18 - 00000278 ___SH C:\Documents and Settings\Troy\NTUSER.INI
2013-06-11 07:09 - 2013-06-11 07:05 - 00011545 ____A C:\Documents and Settings\Troy\Desktop\dds.txt
2013-06-11 07:09 - 2013-06-11 07:05 - 00005673 ____A C:\Documents and Settings\Troy\Desktop\attach.txt
2013-06-11 06:31 - 2013-06-11 06:23 - 00000944 ____A C:\Documents and Settings\Troy\Desktop\Rkill.txt
2013-06-10 23:46 - 2010-09-25 20:47 - 00000000 ____D C:\Windows\setup.pss
2013-06-10 22:02 - 2013-06-10 22:02 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-10 22:02 - 2011-04-24 08:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-10 21:47 - 2004-08-04 09:00 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ipsec.sys
2013-06-10 21:45 - 2013-06-10 21:45 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-10 21:43 - 2013-06-03 01:11 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-06-10 20:37 - 2013-01-30 20:01 - 00000000 ____A C:\END
2013-06-10 20:12 - 2013-06-10 20:12 - 00845824 ____A (I.R.I.S. (Image Recognition Integrated Systems)) C:\Documents and Settings\All Users\Application Data\ihdefender.exe
2013-06-10 20:12 - 2013-06-10 20:12 - 00000807 ____A C:\Documents and Settings\All Users\Desktop\Internet Security Pro.lnk
2013-06-09 22:20 - 2011-05-31 19:32 - 00022528 __ASH C:\Documents and Settings\julia school\Thumbs.db
2013-06-09 22:20 - 2005-12-08 22:13 - 00071168 __ASH C:\Documents and Settings\Catherine\Thumbs.db
2013-06-09 22:16 - 2010-07-24 21:26 - 00000000 ____D C:\Documents and Settings\Troy\Local Settings\Application Data\CutePDF Writer
2013-06-09 22:10 - 2011-01-21 00:33 - 00000000 ____D C:\Documents and Settings\Troy\Invoices
2013-06-09 22:03 - 2010-02-26 18:43 - 00000000 ____D C:\Documents and Settings\Troy\My Documents\My Scans
2013-06-09 21:59 - 2005-04-28 23:43 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-09 21:34 - 2007-05-19 13:14 - 01269760 ____A C:\Documents and Settings\Troy\My Documents\HeatLoss Calculations.mdb
2013-06-07 05:50 - 2011-02-19 12:56 - 00000000 ____D C:\Documents and Settings\Troy\Application Data\Skype
2013-06-04 04:21 - 2013-06-04 04:21 - 00054156 ___AH C:\Windows\QTFont.qfn
2013-06-04 04:21 - 2013-06-04 04:21 - 00001409 ____A C:\Windows\QTFont.for
2013-06-02 18:58 - 2005-12-06 22:33 - 14465024 ___RA C:\Documents and Settings\All Users\Documents\ESBK.mbb
2013-06-02 18:58 - 2005-12-06 22:33 - 06675456 ___RA C:\Documents and Settings\All Users\Documents\ESBK.mb
2013-06-01 18:11 - 2012-12-22 23:08 - 00000000 ____D C:\Documents and Settings\Troy\Local Settings\Application Data\WiseConvert
2013-06-01 18:11 - 2012-12-22 23:08 - 00000000 ____D C:\Documents and Settings\Troy\Application Data\PriceGong
2013-05-23 21:46 - 2013-05-23 21:46 - 00006144 __ASH C:\Thumbs.db
2013-05-23 21:46 - 2006-02-08 21:52 - 00007680 __ASH C:\Windows\Thumbs.db
2013-05-16 15:14 - 2010-09-25 21:29 - 01024216 ____A C:\Windows\setupapi.log
2013-05-13 19:43 - 2012-04-05 17:27 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-13 19:43 - 2012-04-05 17:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-13 19:43 - 2009-01-25 23:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-05-13 19:38 - 2013-05-13 19:38 - 00001734 ____A C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2013-05-13 19:37 - 2005-05-12 14:15 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-13 19:37 - 2005-04-29 00:14 - 00000000 ____D C:\Program Files\Adobe
2013-05-12 20:53 - 2013-01-30 20:15 - 00000000 ____D C:\Program Files\DealPly
2013-05-12 20:53 - 2013-01-30 20:02 - 00000000 ____D C:\Program Files\Shopping Sidekick Plugin

ZeroAccess:
C:\RECYCLER\S-1-5-21-1145529519-2986990225-269041240-1006\$800fc00ab116e1ebe5712fb079b963c8
C:\RECYCLER\S-1-5-21-1145529519-2986990225-269041240-1006\$800fc00ab116e1ebe5712fb079b963c8\@
C:\RECYCLER\S-1-5-21-1145529519-2986990225-269041240-1006\$800fc00ab116e1ebe5712fb079b963c8\L
C:\RECYCLER\S-1-5-21-1145529519-2986990225-269041240-1006\$800fc00ab116e1ebe5712fb079b963c8\U
C:\RECYCLER\S-1-5-21-1145529519-2986990225-269041240-1006\$800fc00ab116e1ebe5712fb079b963c8\U\00000001.@
C:\RECYCLER\S-1-5-21-1145529519-2986990225-269041240-1006\$800fc00ab116e1ebe5712fb079b963c8\U\80000000.@
C:\RECYCLER\S-1-5-21-1145529519-2986990225-269041240-1006\$800fc00ab116e1ebe5712fb079b963c8\U\800000cb.@

Files to move or delete:
====================
C:\Documents and Settings\Troy\wlsetup-web.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-06-2013
Ran by Troy at 2013-06-11 19:56:02 Run:
Running from C:\Documents and Settings\Troy\My Documents\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Installed Programs =======================

3 Tor
32 Bit HP CIO Components Installer (Version: 6.1.1)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Control Panel (Version: 6.14.10.5120)
ATI Display Driver (Version: 8.051-040825a-017900C-Dell)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
C4700 (Version: 130.0.373.000)
CameraHelperMsi (Version: 13.10.1217.0)
Card Games (Version: 1.0)
CCScore (Version: 5.03.0000.0003)
CDCheck
Chvac Version 7 (Version: 7)
Classic PhoneTools (Version: 4.24)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
ConferenceManager 10 Client Software (Version: 10.0.40)
CutePDF Writer 2.8
DealPly (Version: )
DefaultTab (Version: 2.1.8.0)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Media Experience (Version: 3.00)
Dell Picture Studio v3.0 (Version: 3.0.0)
Dell ResourceCD
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
erLT (Version: 1.20.138.34)
ESSBrwr (Version: 5.03.0000.0101)
ESSCDBK (Version: 5.03.0000.0001)
ESScore (Version: 5.03.0000.0103)
ESSgui (Version: 5.03.0000.0003)
ESShelp (Version: 5.03.0000.0003)
ESSini (Version: 5.03.0000.0201)
ESSPCD (Version: 5.03.0000.0001)
ESSSONIC (Version: 5.3.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 5.03.0000.0001)
essvcpt (Version: 5.03.0000.0001)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FileOpen Client (Version: 3.0.47.900)
GenuTax Standard (Version: 1.37)
Google Earth (Version: 4.2.198.2451)
Google Update Helper (Version: 1.3.21.145)
GPBaseService2 (Version: 130.0.371.000)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
Intel® 537EP V9x DFV PCI Modem
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
iTunes (Version: 10.5.2.11)
Jasc Paint Shop Photo Album 5 (Version: 5.21)
Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.01.0000)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
kgcbase (Version: 5.03.0000.0004)
Kodak EasyShare software
KSU (Version: 632.62.0003.0003)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
Logitech Vid HD (Version: 7.2 (7259))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.10.1216.0)
LWS Gallery (Version: 13.10.1216.0)
LWS Help_main (Version: 13.10.1224.0)
LWS Launcher (Version: 13.10.1224.0)
LWS Motion Detection (Version: 13.10.1218.0)
LWS Pictures And Video (Version: 13.10.1218.0)
LWS Twitter (Version: 13.00.1216.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.10.1216.0)
Macromedia Extension Manager (Version: 1.5)
Macromedia Shockwave Player (Version: 10.1.0.11)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
MediaBar (Version: 2.0.0.93720)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office PowerPoint 2003 Template Pack 2 (Version: 11.0.5614.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Modem Event Monitor
Modem Helper (Version: 2.25)
Modem On Hold (Version: 1.12)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
Musicmatch® Jukebox (Version: 9.00.5100)
Network (Version: 130.0.374.000)
Nikken International BenefitBar (Version: 1.0)
Norton 360 (Version: 5.2.1.3)
Notifier (Version: 5.03.0000.0001)
Octoshape add-in for Adobe Flash Player
OfotoXMI (Version: 5.03.0000.0302)
OTtBP (Version: 5.03.0000.0001)
OTtBPSDK (Version: 4.00.0000.0000)
Photo Album (Version: 3.00.0000)
Photo Click (Version: 1.0.0)
PowerDVD 5.3
PS_AIO_06_C4700_SW_Min (Version: 130.0.373.000)
QuickTime (Version: 7.3.1.70)
Rapport (Version: 3.5.1208.36)
RealPlayer
Satisfashion (Version: 1.0.0.0)
Scan (Version: 13.0.0.0)
SF Pressure Drop 7.0
SFR (Version: 5.00.0000.0005)
SHASTA (Version: 5.03.0000.0002)
Shopping Sidekick Plugin (Version: 1.26.152.152)
SKIN0001 (Version: 5.03.0000.0101)
SKINXSDK (Version: 5.03.0000.0101)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Sonic DLA (Version: 4.95)
Sonic MyDVD (Version: 5.3.0)
Sonic RecordNow! (Version: 7.3)
Sonic Update Manager (Version: 2.9)
staticcr (Version: 5.03.0000.0001)
Status (Version: 130.0.373.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Unity Web Player (Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update Manager (remove only)
Update_DealPly
Viewpoint Media Player
VPRINTOL (Version: 5.03.0000.0001)
Wajam (Version: 1.51)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 130.0.132.017)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 (Version: 9.00.3636)
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 5.03.0000.0003)
WiseConvert Toolbar (Version: 6.12.0.516)
WordPerfect Office 12 (Version: 12.0.0.238)
Yontoo 1.12.02 (Version: 1.12.02)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Faulty Device Manager Devices =============

Could not list devices.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2013 06:27:21 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/11/2013 06:53:49 AM) (Source: Microsoft Office 11) (User: )
Description: Accepted Safe Mode action : Microsoft Office Outlook.

Error: (06/10/2013 02:55:54 AM) (Source: Google Update) (User: DROESBECK)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (06/09/2013 10:05:54 PM) (Source: MsiInstaller) (User: DROESBECK)
Description: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Error: (06/09/2013 10:05:43 PM) (Source: Application Hang) (User: )
Description: Hanging application hpqste08.exe, version 130.0.373.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/09/2013 10:05:28 PM) (Source: Application Hang) (User: )
Description: Hanging application hpqste08.exe, version 130.0.373.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/09/2013 10:03:54 PM) (Source: MsiInstaller) (User: DROESBECK)
Description: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Error: (06/09/2013 10:02:58 PM) (Source: MsiInstaller) (User: DROESBECK)
Description: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Error: (06/09/2013 10:02:40 PM) (Source: MsiInstaller) (User: DROESBECK)
Description: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Error: (06/09/2013 10:01:24 PM) (Source: MsiInstaller) (User: DROESBECK)
Description: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.


System errors:
=============
Error: (06/11/2013 07:56:02 PM) (Source: DCOM) (User: DROESBECK)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/11/2013 07:56:02 PM) (Source: DCOM) (User: DROESBECK)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/11/2013 07:54:43 PM) (Source: DCOM) (User: DROESBECK)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/11/2013 07:34:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/11/2013 07:34:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/11/2013 07:34:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/11/2013 07:34:29 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/11/2013 06:50:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/11/2013 06:43:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/11/2013 06:43:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}


Microsoft Office Sessions:
=========================
Error: (06/11/2013 06:27:21 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/11/2013 06:53:49 AM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office OutlookOutlook failed to start correctly last time.  Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

Error: (06/10/2013 02:55:54 AM) (Source: Google Update)(User: DROESBECK)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (06/09/2013 10:05:54 PM) (Source: MsiInstaller)(User: DROESBECK)
Description: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.(NULL)(NULL)(NULL)

Error: (06/09/2013 10:05:43 PM) (Source: Application Hang)(User: )
Description: hpqste08.exe130.0.373.0hungapp0.0.0.000000000

Error: (06/09/2013 10:05:28 PM) (Source: Application Hang)(User: )
Description: hpqste08.exe130.0.373.0hungapp0.0.0.000000000

Error: (06/09/2013 10:03:54 PM) (Source: MsiInstaller)(User: DROESBECK)
Description: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.(NULL)(NULL)(NULL)

Error: (06/09/2013 10:02:58 PM) (Source: MsiInstaller)(User: DROESBECK)
Description: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.(NULL)(NULL)(NULL)

Error: (06/09/2013 10:02:40 PM) (Source: MsiInstaller)(User: DROESBECK)
Description: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.(NULL)(NULL)(NULL)

Error: (06/09/2013 10:01:24 PM) (Source: MsiInstaller)(User: DROESBECK)
Description: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 2558.07 MB
Available physical RAM: 2128.14 MB
Total Pagefile: 3171.27 MB
Available Pagefile: 2958.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:145.8 GB) (Free:90.95 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (The Battle of th) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End Of Log ============================



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 12 June 2013 - 01:16 AM

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.
  • Check for Updates, then Scan your system for malware.

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.
Proud Member of UNITE & TB
 

#5 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 17 June 2013 - 12:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



