Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random popups/ Linkswift ads/ Defaults changed


  • This topic is locked This topic is locked
7 replies to this topic

#1 mjgrza

mjgrza

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 04 September 2013 - 03:14 PM

Hey there,

 

I'm infected.  Overun with ads and popups all week.  any advice would be greatly appreciated.  logs below.

 

Thank you very much

 

Farbar Service Scanner Version: 28-08-2013
Ran by Anne (administrator) on 04-09-2013 at 13:34:33
Running from "C:\Users\Anne\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
MiniToolBox by Farbar  Version: 13-07-2013
Ran by Anne (administrator) on 04-09-2013 at 13:46:01
Running from "C:\Users\Anne\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is enabled.
ProxyServer: http=127.0.0.1:64290;https=127.0.0.1:64290;
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® Centrino® Advanced-N 6205 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set subinterface interface=?8$ subinterface=ethernet_7 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
 
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.2.1
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  74.125.226.228
 74.125.226.228
 
 
Pinging google.com [74.125.226.229] with 32 bytes of data:
Reply from 74.125.226.229: bytes=32 time=19ms TTL=55
Reply from 74.125.226.229: bytes=32 time=15ms TTL=55
 
Ping statistics for 74.125.226.229:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 19ms, Average = 17ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.2.1
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.138.253.109
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=34ms TTL=52
Reply from 98.139.183.24: bytes=32 time=122ms TTL=52
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 122ms, Average = 78ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...d4 be d9 86 4f 2e ......Intel® 82579LM Gigabit Network Connection
 15...20 68 9d 64 04 40 ......Bluetooth Device (Personal Area Network)
 13...60 67 20 b3 81 12 ......Intel® Centrino® Advanced-N 6205
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.5     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.5    286
      192.168.2.5  255.255.255.255         On-link       192.168.2.5    286
    192.168.2.255  255.255.255.255         On-link       192.168.2.5    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.5    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.5    286
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6ab8:3839:2b9:3f57:fdfa/128
                                    On-link
 13    286 fe80::/64                On-link
 12    306 fe80::/64                On-link
 13    286 fe80::20cc:bfc:db85:6396/128
                                    On-link
 12    306 fe80::3839:2b9:3f57:fdfa/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 13    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/29/2013 08:36:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/14/2013 09:10:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/03/2013 10:32:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/26/2013 02:17:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/21/2013 10:30:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2013 06:50:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/03/2013 06:18:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2013 08:48:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/07/2013 10:24:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/24/2013 01:55:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/04/2013 01:39:23 PM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/04/2013 01:39:18 PM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (09/04/2013 00:10:54 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (09/01/2013 11:51:08 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
Microsoft Office Sessions:
=========================
Error: (08/29/2013 08:36:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/14/2013 09:10:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/03/2013 10:32:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/26/2013 02:17:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/21/2013 10:30:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2013 06:50:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/03/2013 06:18:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2013 08:48:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/07/2013 10:24:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/24/2013 01:55:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat 9 Pro (Version: 9.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Altiris Application Metering Agent (Version: 7.0.1332.0)
Altiris Deployment Agent (Version: 1.0.0)
Altiris Inventory Agent (Version: 7.0.1332.0)
Altiris Power Scheme Agent (Version: 7.0.1218)
BrowserSafeguard
Citrix online plug-in - web (Version: 11.2.0.31560)
Citrix online plug-in (DV) (Version: 11.2.0.31560)
Citrix online plug-in (HDX) (Version: 11.2.0.31560)
Citrix online plug-in (USB) (Version: 11.2.0.31560)
Citrix online plug-in (Web) (Version: 12.0.3.6)
Computrace (Version: 8.0.856)
DefaultTab (Version: 2.2.18.0)
DefaultTab Chrome (Version: 1.1.25)
Define Ext (Version: 8)
Dell Touchpad (Version: 8.1200.101.116)
Draft Analyzer (Version: 1.00.0000)
FlipShare (Version: 5.12.3.0)
FlowcastDesktopControls (Version: 4.0316.0001)
FoodBuzz (Version: 9.0)
Google Chrome (Version: 29.0.1547.62)
Google Drive (Version: 1.11.4865.2530)
Google Update Helper (Version: 1.3.21.153)
IDXTerm V2 (Version: 2.54)
IDXWebFrameworkControls (Version: 5.02.009)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214)
iSiteEnterprise 3.6.120.3 (Version: 3.6.120.3)
iSiteExt (Version: 3.6.120.3)
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
Java™ 6 Update 23 (Version: 6.0.230)
Juniper Networks Host Checker (Version: 7.1.0.19235)
Juniper Networks Secure Application Manager (Version: 7.1.0.19235)
Juniper Networks, Inc. Setup Client (Version: 7.1.4.12881)
JUP ICO x64 (Version: 1.0.0)
LastWord Client for Java - Standalone
LeapFrog Connect (Version: 4.2.13.16151)
LeapFrog Tag Plugin (Version: 4.2.9.15649)
LinkSwift 3.0.0 (Version: 3.0.0)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.102)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Mobile App Sync
MyPC Backup  (Version: )
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0697)
NVIDIA Update Components (Version: 1.10.8)
O2Micro Flash Memory Card Windows Driver (Version: 3.0.07.37)
Optimizer Pro v3.2 (Version: 3.2)
Patch Management Agent (Version: 7.0.4509.0)
PrintKey2000
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
RealUpgrade 1.1 (Version: 1.1.0)
Software Management Solution Agent (Version: 7.0.1938.0)
Software Version Updater (Version: 1.1.3.8)
ST Microelectronics 3 Axis Digital Accelerometer Solution (Version: 4.10.0016)
Symantec Endpoint Protection (Version: 11.0.7000.975)
Symantec pcAnywhere (Version: 12.5.0.618)
Symantec_pcAnywhere_plugin_installer (Version: 12.5.177.0)
TidyNetwork.com
TouchWorksWebControls (Version: 11.0203.397)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (Version: 4.2.9.15649)
WIDCOMM Bluetooth Software (Version: 6.5.1.2410)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
X7Magic Setup (Version: 7.1.5)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 29%
Total physical RAM: 8065.49 MB
Available physical RAM: 5676.8 MB
Total Pagefile: 16129.17 MB
Available Pagefile: 13061.72 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.26 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:297.95 GB) (Free:242.93 GB) NTFS
3 Drive f: () (Removable) (Total:7.41 GB) (Free:7.41 GB) FAT32
 
========================= Users: ========================================
 
 
 
**** End of log ****
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.04.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
 
Protection: Enabled
 
9/4/2013 1:54:16 PM
mbam-log-2013-09-04 (13-54-16).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386580
Time elapsed: 5 minute(s), 50 second(s)
 
Memory Processes Detected: 4
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> 8696 -> Delete on reboot.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro) -> 7288 -> Delete on reboot.
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab) -> 992 -> Delete on reboot.
C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe (PUP.Optional.LinkSwift.A) -> 5412 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 45
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{323420b6-65e5-4657-8106-a27392d4d4aa} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{49FB101A-0A00-4E85-A807-8785C2D32604} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCR\Interface\{339CA35C-F74A-44C3-BD78-9CE3E8C9C560} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update LinkSwift (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\TidyNetwork.com (PUP.TidyNetwork) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> Quarantined and deleted successfully.
 
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Optimizer Pro (PUP.Optional.OptimizePro.A) -> Data: C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.18.0 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.18.0 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.OptimizerPro) -> Bad: (c:\progra~2\optimi~1\optpro~1.dll) Good: () -> Quarantined and repaired successfully.
 
Folders Detected: 7
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab (PUP.Optional.DefaultTab.A) -> Delete on reboot.
C:\Program Files (x86)\Optimizer Pro (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DefaultTab (PUP.Optional.DefaultTab) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\Anne\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\Anne\Local Settings\Application Data\TidyNetwork.com (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Local\TidyNetwork.com (PUP.TidyNetwork) -> Quarantined and deleted successfully.
 
Files Detected: 61
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> Delete on reboot.
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LinkSwift\LinkSwiftBHO.dll (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Anne\Downloads\Express_Installer.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Users\Anne\Local Settings\Temporary Internet Files\Content.IE5\X5IC1YFP\checker_20130826[1].exe (Trojan.Downloader.Agent) -> Quarantined and deleted successfully.
C:\Users\Anne\Local Settings\Temporary Internet Files\Content.IE5\X5IC1YFP\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Anne\Local Settings\Temporary Internet Files\Content.IE5\XT1PQYN3\OptimizerPro[1].exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\addon.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DT.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\English.ini (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\StartupList.txt (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\unins000.msg (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DefaultTab\DefaultTab.crx (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab) -> Delete on reboot.
C:\Program Files (x86)\DefaultTab\uid (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DefaultTab\uninstaller.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Optimizer Pro on the Web.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Check updates.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Help.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Uninstall Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\Anne\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe (PUP.Optional.LinkSwift.A) -> Delete on reboot.
C:\Users\Anne\Local Settings\Application Data\TidyNetwork.com\sidMTMY02.tidy (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\Anne\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\Anne\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\Anne\Local Settings\Application Data\TidyNetwork.com\TidyNetwork.exe (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\Anne\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Local\TidyNetwork.com\sidMTMY02.tidy (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Local\TidyNetwork.com\tidy2ie.dll (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Local\TidyNetwork.com\tidy2update.exe (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Local\TidyNetwork.com\TidyNetwork.exe (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\Anne\AppData\Local\TidyNetwork.com\tidynetwork.log (PUP.TidyNetwork) -> Quarantined and deleted successfully.
 
(end)
Rkill 2.6.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/04/2013 03:32:35 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Anne\Desktop\rkill\rkill-09-04-2013-03-32-37.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 09/04/2013 03:33:37 PM
Execution time: 0 hours(s), 1 minute(s), and 2 seconds(s)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514
Run by Anne at 15:37:56 on 2013-09-04
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8065.4551 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe
C:\Program Files (x86)\Symantec\pcAnywhere\AWHPROBE.EXE
C:\Program Files (x86)\Symantec\pcAnywhere\pcaEvents.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\o2flash.exe
C:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\Program Files\Altiris\Dagent\dagent.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Altiris\Dagent\dagentui.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Mobile App Sync\D2MClient.exe
C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\Notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
 
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FoodBuzz: {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: IDXHlprObj Class: {31816979-F864-4acf-919F-D0B3B56432E6} - C:\Program Files (x86)\IDX Systems Corporation\Web Framework\IDXIEController.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Anne\AppData\Local\DefineExt\temp.dat
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
uRun: [FoodBuzzUpdate] C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe
uRun: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe
uRun: [RecipesHQToolbarUpdater] C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe
uRunOnce: [Del2226305] cmd.exe /Q /D /c del "C:\Users\Anne\AppData\Local\Temp\0.del"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AeXAgentLogon] C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [TJU_IE_Zones] regedit /s "C:\Program Files\Common Files\TJUzones\TJUzones.reg"
mRun: [TJU_IE_Zonesx64] regedit /s "C:\Program Files (x86)\Common Files\TJUzones\TJUzones.reg"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRunOnce: [Del2226305] cmd.exe /Q /D /c del "C:\Users\Anne\AppData\Local\Temp\0.del"
StartupFolder: C:\Users\Anne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PRINTK~1.LNK - C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-Windows\System: AllowX-ForestPolicy-and-RUP = dword:1
mPolicies-Windows\System: UserPolicyMode = dword:2
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: cdc.gov
Trusted Zone: emrdelivery
Trusted Zone: emrintegration
Trusted Zone: hcia.com
Trusted Zone: highmark.com
Trusted Zone: highmark.com
Trusted Zone: navimedix.com
Trusted Zone: psvrdb
Trusted Zone: rhea
Trusted Zone: serialssolutions.com
Trusted Zone: skytel.com
Trusted Zone: smweb1
Trusted Zone: solucient.com
Trusted Zone: vianeta.net
Trusted Zone: westmont
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - hxxps://jupempower.jefferson.edu/Touchworks/AHSCompressionEngine.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - hxxps://jupempower.jefferson.edu/TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} - hxxps://jupempower.jefferson.edu/TouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab
DPF: {77C84519-8818-4E32-9540-653A9905C9F6} - hxxps://jupempower.jefferson.edu/Touchworks/DictationController.cab
DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} - hxxps://jupempower.jefferson.edu/TouchWorks/Common/Components/AtalaSoft/ImgX61.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - hxxps://jupempower.jefferson.edu/TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - hxxps://jupempower.jefferson.edu/Touchworks/DictionaryManager.CAB
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - hxxps://jupempower.jefferson.edu/TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - hxxps://jupempower.jefferson.edu/TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} - hxxps://connect.tjuh.org/,DanaInfo=dommsg03vip.tjh.tju.edu,ST=1+/dwa85W.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.tjuh.org/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{1E2E3498-3223-47F0-95F0-84D49158F5A8} : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{CBB8437D-95A1-416F-9DCE-F560A19FD3F2} : DHCPNameServer = 10.160.1.10 10.161.1.10
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
Notify: PCANotify - PCANotify.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - <orphaned>
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [DagentUI] c:\Program Files\Altiris\Dagent\dagentui.exe
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-21 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-12-1 22128]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-4 45856]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 NEOFLTR_710_19235;Juniper Networks TDI Filter Driver (NEOFLTR_710_19235);C:\Windows\System32\drivers\NEOFLTR_710_19235.SYS [2013-2-14 99152]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-10-8 284008]
R1 Teefer3;Symantec Endpoint Protection Firewall;C:\Windows\System32\drivers\Teefer3.sys [2011-9-29 53880]
R2 Altiris Deployment Agent;Altiris Deployment Agent;C:\Program Files\Altiris\Dagent\dagent.exe [2012-1-11 2040832]
R2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-2-11 572928]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-4 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-9-29 1846592]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-9-4 1616048]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-9-21 135720]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-12-1 615464]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-12-1 39976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-14 138912]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-21 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-21 787736]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-4 25928]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2012-9-21 84712]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2012-12-1 68208]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-7-1 32808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Anne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-9-4 107520]
S2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-12-1 8192]
S3 AltirisAgentProvider;AltirisAgentProvider;C:\Program Files (x86)\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [2012-12-17 620376]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2012-9-28 24576]
S3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2012-9-21 26504]
S3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-9-21 44992]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-11-5 445800]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2011-1-3 72808]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2011-1-3 74984]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-14 19456]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-14 30208]
.
=============== Created Last 30 ================
.
2013-09-04 18:47:12 -------- d-----w- C:\Users\Anne\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-04 18:47:10 -------- d-----w- C:\Users\Anne\AppData\Local\AVG SafeGuard toolbar
2013-09-04 18:46:59 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-09-04 18:46:57 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-09-04 18:46:56 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-09-04 18:46:56 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-09-04 18:46:42 -------- d--h--w- C:\ProgramData\Common Files
2013-09-04 18:46:39 -------- d-----w- C:\Program Files (x86)\DefaultTab
2013-09-04 18:46:36 -------- d-----w- C:\Program Files (x86)\OpenIt
2013-09-04 18:46:33 -------- d-----w- C:\Users\Anne\AppData\Roaming\DSite
2013-09-04 18:35:56 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-04 17:51:46 -------- d-----w- C:\Users\Anne\AppData\Roaming\Malwarebytes
2013-09-04 17:51:01 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-04 17:51:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-04 17:51:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 17:44:14 -------- d-----w- C:\Users\Anne\AppData\Roaming\Optimizer Pro
2013-09-04 17:39:29 -------- d-----w- C:\Program Files (x86)\Browsersafeguard
2013-09-04 17:39:14 -------- d-----w- C:\Users\Anne\AppData\Roaming\DefaultTab
2013-09-04 17:39:12 -------- d-----w- C:\Users\Anne\AppData\Local\SwvUpdater
2013-09-04 17:38:57 -------- d-----w- C:\Users\Anne\AppData\Local\Programs
2013-09-04 17:38:38 -------- d-----w- C:\Program Files (x86)\FoodBuzz
2013-09-04 17:38:25 -------- d-----w- C:\Program Files (x86)\Mobile App Sync
2013-09-04 17:38:16 -------- d-----w- C:\Users\Anne\AppData\Roaming\RealNetworks
2013-09-04 17:37:53 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-09-04 17:37:51 -------- d-----w- C:\ProgramData\RealNetworks
2013-09-04 17:37:45 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-09-01 03:07:04 -------- d-----w- C:\Program Files (x86)\LinkSwift
2013-09-01 03:06:59 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-09-01 03:06:21 -------- d-----w- C:\Users\Anne\AppData\Local\DefineExt
2013-08-17 23:21:27 40960 ----a-r- C:\Users\Anne\AppData\Roaming\Microsoft\Installer\{506C7FC3-4A0D-4B08-ADAA-6B91CACC7412}\Uninstall_Draft_Anal_506C7FC34A0D4B08ADAA6B91CACC7412.exe
2013-08-17 23:21:27 40960 ----a-r- C:\Users\Anne\AppData\Roaming\Microsoft\Installer\{506C7FC3-4A0D-4B08-ADAA-6B91CACC7412}\PL.exe1_506C7FC34A0D4B08ADAA6B91CACC7412_2.exe
2013-08-17 23:21:27 40960 ----a-r- C:\Users\Anne\AppData\Roaming\Microsoft\Installer\{506C7FC3-4A0D-4B08-ADAA-6B91CACC7412}\PL.exe_506C7FC34A0D4B08ADAA6B91CACC7412_4.exe
2013-08-17 23:21:27 40960 ----a-r- C:\Users\Anne\AppData\Roaming\Microsoft\Installer\{506C7FC3-4A0D-4B08-ADAA-6B91CACC7412}\ARPPRODUCTICON.exe
2013-08-17 23:21:23 -------- d-----w- C:\Program Files (x86)\Draft Analyzer
.
==================== Find3M  ====================
.
2013-08-21 03:35:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 03:35:55 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-05 17:38:42 44544 ----a-w- C:\Windows\SysWow64\agremove.exe
.
============= FINISH: 15:38:08.10 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/17/2012 1:28:18 PM
System Uptime: 9/4/2013 2:09:27 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 07Y85M
Processor: Intel® Core™ i7-3720QM CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 242.702 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP27: 6/17/2013 12:00:02 AM - Scheduled Checkpoint
RP28: 6/25/2013 - Scheduled Checkpoint
RP29: 7/3/2013 7:16:38 PM - Scheduled Checkpoint
RP30: 7/13/2013 9:55:12 AM - Scheduled Checkpoint
RP31: 7/20/2013 1:02:20 PM - Scheduled Checkpoint
RP32: 7/28/2013 12:00:02 AM - Scheduled Checkpoint
RP33: 8/5/2013 12:00:02 AM - Scheduled Checkpoint
RP34: 8/14/2013 10:00:22 AM - Scheduled Checkpoint
RP35: 8/17/2013 7:21:16 PM - Installed Draft Analyzer
RP36: 8/29/2013 12:23:29 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat 9 Pro
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.5
Altiris Application Metering Agent
Altiris Deployment Agent
Altiris Inventory Agent
Altiris Power Scheme Agent
AVG SafeGuard toolbar
BrowserSafeguard
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Computrace
DefaultTab
Define Ext
Dell Touchpad
Draft Analyzer
FlipShare
FlowcastDesktopControls
FoodBuzz
Google Chrome
Google Drive
Google Update Helper
IDXTerm V2
IDXWebFrameworkControls
Intel® USB 3.0 eXtensible Host Controller Driver
iSiteEnterprise 3.6.120.3
iSiteExt
J2SE Runtime Environment 5.0 Update 10
Java™ 6 Update 23
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
Juniper Networks, Inc. Setup Client
JUP ICO x64
LastWord Client for Java - Standalone
LeapFrog Connect
LeapFrog Tag Plugin
LinkSwift 3.0.0
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mobile App Sync
MyPC Backup 
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA nView 136.53
NVIDIA Optimus 1.10.8
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
O2Micro Flash Memory Card Windows Driver
Open It!
Patch Management Agent
PrintKey2000
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Software Management Solution Agent
ST Microelectronics 3 Axis Digital Accelerometer Solution
Symantec Endpoint Protection
Symantec pcAnywhere
Symantec_pcAnywhere_plugin_installer
TouchWorksWebControls
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Zip Opener
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
WIDCOMM Bluetooth Software
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
X7Magic Setup
Zip Opener Packages
.
==== Event Viewer Messages From Past Week ========
.
9/4/2013 2:52:14 PM, Error: Service Control Manager [7034]  - The DefaultTabUpdate service terminated unexpectedly.  It has done this 1 time(s).
9/4/2013 2:52:11 PM, Error: Service Control Manager [7034]  - The O2SDIOAssist service terminated unexpectedly.  It has done this 1 time(s).
9/4/2013 2:50:58 PM, Error: mbamchameleon [61703]  - 
9/4/2013 2:46:39 PM, Error: Service Control Manager [7030]  - The DefaultTabSearch service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
9/4/2013 2:13:05 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
9/4/2013 2:13:05 PM, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/4/2013 2:12:36 PM, Error: Microsoft-Windows-GroupPolicy [1055]  - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:  a) Name Resolution failure on the current domain controller.  B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
9/4/2013 2:12:23 PM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain TJU-MST due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
9/4/2013 12:10:54 PM, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
.
==== End Of File ===========================
 

 

 

 

 

 

 
 
**** End of log ****

 



BC AdBot (Login to Remove)

 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 AM

Posted 08 September 2013 - 01:18 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
----------
 

weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

SystemLook
 
Please use either of the following links:
Download Mirror 1
Download Mirror 2

  • Right-click and Run as Administrator SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Users\Anne\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#3 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 AM

Posted 12 September 2013 - 06:33 AM

Still need help?


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#4 mjgrza

mjgrza
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 12 September 2013 - 07:02 AM

Think I got it under control by following the steps in another forum.  The popups have stopped.    I followed your instructions and

 

TDS found no threats SystemLook results are below.  Thanks alot for the reply and help.  Let me know if their is anything else I could or should do just to be safe.  

 

 

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 07:59 on 12/09/2013 by Anne
Administrator - Elevation successful
 
No Context: dir
 
No Context: C:\Users\Anne\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z /s
 
-= EOF =-
 
Thnaks alot for the reply and help.  Let me know if their is anything else I could or should do just to be safe.  

 



#5 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 AM

Posted 12 September 2013 - 11:38 AM

Are you saying that your problems have been solved at another forum and your system is ok now?  I just need to clarify.  :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#6 mjgrza

mjgrza
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 13 September 2013 - 05:39 AM

Yes after running all of the programs from mt first post,  rebooting and reinstalling chrome the popups are no more.

 

Thank you

 



#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 AM

Posted 13 September 2013 - 07:11 AM

Ok.  Glad you got your problems sorted out.  Thanks for letting me know.  :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 AM

Posted 13 September 2013 - 07:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users