Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 64bit PC infected with Zeroaccess Malware


  • This topic is locked This topic is locked
5 replies to this topic

#1 rttyguy

rttyguy

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 05 December 2013 - 12:14 PM

Hello,

 

I used Malwarebytes to remove most of ZeroAccess malware, but I think some remnants remain.

 

Thanks for your help.



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:15 PM

Posted 07 December 2013 - 02:43 AM



Hello rttyguy

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    dds_scr.gif
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 rttyguy

rttyguy
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 07 December 2013 - 09:06 PM

Here are the contents of the logs:

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 1.6.0_37
Run by jting at 20:55:42 on 2013-12-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.8089.5882 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Windows\SysWOW64\srvany.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uProxyServer = 0.0.0.0:80
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: CutePDF Form Filler Helper: {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [GoToAssist Express Expert] "C:\Users\jting\AppData\Local\Citrix\GoToAssist Express Expert\403\g2ax_start.exe" "/Trigger RunAtLogon"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe
mRun: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe
mRun: [Nuance PDF Converter Professional 7-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\jting\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTS~1.LNK - C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: AddAdminGroupToRUP = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://blackberrysv:3443/webconsole/RIMWebComponents.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.22 192.168.1.21
TCP: Interfaces\{61B9451A-49C3-4448-82F0-D48523F105CD} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{ADEB7207-DBEE-4B8A-822B-D3004472F065} : DHCPNameServer = 192.168.1.22 192.168.1.21
TCP: Interfaces\{ADEB7207-DBEE-4B8A-822B-D3004472F065}\14D6075646F51405F523E2437484A7 : DHCPNameServer = 192.168.80.240
TCP: Interfaces\{ADEB7207-DBEE-4B8A-822B-D3004472F065}\2454C4C4734373 : DHCPNameServer = 192.168.1.22
TCP: Interfaces\{ADEB7207-DBEE-4B8A-822B-D3004472F065}\544494D41485 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{ADEB7207-DBEE-4B8A-822B-D3004472F065}\67964716F5139303 : DHCPNameServer = 10.0.0.10 10.0.0.12
TCP: Interfaces\{ADEB7207-DBEE-4B8A-822B-D3004472F065}\67964716F5139313 : DHCPNameServer = 10.0.0.10 10.0.0.12
TCP: Interfaces\{ADEB7207-DBEE-4B8A-822B-D3004472F065}\67964716F55313 : DHCPNameServer = 10.0.0.10 10.0.0.12
TCP: Interfaces\{AF60767F-4399-4836-ADA2-8B1443C9F82A} : NameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{F69B65BF-C8C6-4931-878A-6CC4A5702A23} : DHCPNameServer = 10.0.0.10 10.0.0.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [DFEPApplication] c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jting\AppData\Roaming\Mozilla\Firefox\Profiles\6tkmk7kj.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-5-28 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-5-28 22128]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-11-6 73296]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;C:\Windows\System32\drivers\CSN5PDTS82x64.sys [2013-5-14 34840]
R1 CsNdisLWF;Colasoft Packet Driver for WiFi;C:\Windows\System32\drivers\CsNdisLWF.sys [2013-5-14 26352]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-5-28 89600]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2010-5-10 2683712]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720]
R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-8-24 2279320]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2012-5-2 164864]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-6 418376]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-5-28 8192]
R2 RIM MDNS;RIM MDNS;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2013-1-23 387584]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [2013-1-23 1161216]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-2-8 11576]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2012-10-6 1861568]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-28 2594584]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-8-26 904248]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2013-8-27 14401104]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2012-5-28 27760]
R3 Blackberry Device Manager;Blackberry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-1-18 577536]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-5-28 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-5-28 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-5-28 176096]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-25 137648]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-28 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-31 25928]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2012-5-28 74984]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2012-5-28 83560]
R3 rimvndis;BlackBerry Virtual Private Network;C:\Windows\System32\drivers\rimvndis6_AMD64.sys [2013-1-23 18432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-31 701512]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 HP DS Service;HP DS Service;C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [2011-10-17 13824]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-5-28 158976]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2012-5-28 72808]
S3 qrkis;Tether Miniport;C:\Windows\System32\drivers\qrkis.sys [2012-6-11 50856]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\swg3kser00.sys [2012-10-24 258432]
S3 swiwdmbx;Sierra Wireless USB Bus Service;C:\Windows\System32\drivers\swiwdmbx64.sys [2012-10-24 109312]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2012-10-24 297472]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-30 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-5 1255736]
S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-13 10752]
.
=============== Created Last 30 ================
.
2013-12-06 02:33:14 -------- d-----w- C:\Windows\System32\MRT
2013-12-06 01:52:16 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-12-06 01:52:15 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-12-06 01:52:15 111448 ----a-w- C:\Windows\System32\consent.exe
2013-12-06 01:52:14 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-12-06 01:50:55 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-12-06 01:49:29 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-12-06 01:48:59 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-12-06 01:47:59 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-12-06 01:47:59 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-12-06 01:47:59 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-12-06 01:47:51 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-12-06 01:47:50 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-12-06 01:47:40 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-12-06 01:47:40 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-12-06 01:46:17 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-12-06 01:46:16 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-12-06 01:46:07 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-12-06 01:46:07 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-12-06 01:46:07 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-12-06 01:45:17 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-12-06 01:45:17 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-12-06 01:45:17 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-12-06 01:45:17 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-12-06 01:45:17 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-12-05 19:31:44 -------- d-----w- C:\$RECYCLE.BIN
2013-12-05 19:19:18 98816 ----a-w- C:\Windows\sed.exe
2013-12-05 19:19:18 256000 ----a-w- C:\Windows\PEV.exe
2013-12-05 19:19:18 208896 ----a-w- C:\Windows\MBR.exe
2013-12-05 19:19:16 -------- d-----w- C:\ComboFix
2013-12-05 18:44:41 116440 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2013-12-05 18:43:31 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-05 18:31:03 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2013-12-05 16:59:23 -------- d-----w- C:\FRST
2013-12-02 14:07:23 -------- d-----w- C:\Users\jting\AppData\Local\CrashDumps
2013-11-29 19:52:59 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-11-29 19:52:26 -------- d-----w- C:\Program Files\iPod
2013-11-29 19:52:25 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-29 19:52:25 -------- d-----w- C:\Program Files\iTunes
2013-11-29 19:52:25 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-29 19:51:16 -------- d-----w- C:\Program Files\Bonjour
2013-11-29 19:51:16 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M  ====================
.
2013-11-07 14:20:59 562176 ----a-w- C:\Windows\System32\eST4snm6.dll
2013-10-28 13:17:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-28 13:17:47 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-13 14:55:42 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-13 14:47:43 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-10-13 14:46:53 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-10-13 14:42:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-10-13 14:42:11 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-10-13 14:35:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-13 09:48:06 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-10-13 09:25:39 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 20:56:17.80 ===============
 

Attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 05/06/2012 9:29:35 AM
System Uptime: 07/12/2013 8:40:32 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 03PH4G
Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz | CPU 1 | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 326.604 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP150: 06/12/2013 8:53:20 AM - post windows updates
.
==== Installed Programs ======================
.
??????? 2.7
2007 Microsoft Office Suite Service Pack 3 (SP3)
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
ABACI Client for ASA 7.0.2
AccelerometerP11
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
AuthenTec Fingerprint Software
BioAPI Framework
BlackBerry Desktop Software 7.1
BlackBerry Device Communication Components
BlackBerry Device Manager 7.1
BlackBerry Device Software Updater
BlackBerry Link
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Presentation Server Client
Colasoft Capsa 7 Enterprise
Custom
CutePDF Professional 3.7
CutePDF Writer 3.0
CyberLink PowerDVD 9.5
D3DX10
Dell Backup and Recovery Manager
Dell Client System Update
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
Dell Feature Enhancement Pack
Dell Touchpad
Dell Webcam Central
DellAccess
Digital Clock-7 2.02
DirectX 9 Runtime
DW WLAN Card Utility
EMBASSY Security Center
GDR 1617 for SQL Server 2008 R2 (KB2494088) (64-bit)
Gemalto
GoToAssist Expert 1.6.0.545
GoToMeeting 5.3.0.978
HashTab 4.0.0.2
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP LJ300-400 color M351-M451
HP Unified IO
hpbDSService
hpbM351M451DSService
hppLaserJetService
hppM351_M451LaserJetService
Intel® Identity Protection Technology 1.2.22.0
Intel® Management Engine Components
Intel® Processor Graphics
iTunes
Java Auto Updater
Java™ 6 Update 37
LiveUpdate 3.3 (Symantec Corporation)
MainBoss 2.9
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Exchange Server
Microsoft Exchange Server 2007
Microsoft Office Access 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
Nuance PDF Converter Professional 7
O2Micro Flash Memory Card Windows Driver
O2Micro OZ776 SCR Driver
PC-CCID
PDF Printer 2.0
PhotoShowExpress
Preboot Manager
Private Information Manager
RBVirtualFolder64Inst
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samsung Printer Live Update
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Skype™ 6.6
Snapshot Viewer
Sonic CinePlayer Decoder Pack
SPBA 5.9
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Management Studio
Symantec Endpoint Protection
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Trusted Drive Manager
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update Rollup 10 for Exchange Server 2007 Service Pack 3 (KB2788321)
Update Rollup 8-v2 for Exchange Server 2007 Service Pack 3 (KB2756497)
Upek Touchchip Fingerprint Reader
VMware vSphere Client 5.1
VMware vSphere Update Manager Client 5.1
VMware vSphere Update Manager Client 5.1 Update 1
VMware Workstation
Wave Infrastructure Installer
Wave Support Software Installer
WIDCOMM Bluetooth Software
Windows 7 USB/DVD Download Tool
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
.
==== Event Viewer Messages From Past Week ========
.
07/12/2013 8:45:09 PM, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
07/12/2013 8:41:43 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  CSN5PDTS82 vllj
07/12/2013 8:41:19 PM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain VITACANADA due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
07/12/2013 8:41:14 PM, Error: Service Control Manager [7001]  - The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.
07/12/2013 12:39:55 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
06/12/2013 8:50:04 AM, Error: Microsoft-Windows-RasSstp [1]  - CoId={AA229B34-13B7-43DD-9DEC-9C057C2B2734}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable host.
06/12/2013 8:47:09 AM, Error: Microsoft-Windows-RasSstp [1]  - CoId={A8408A63-544E-4436-9AFB-F79F9E1CD43C}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. An existing connection was forcibly closed by the remote host.
06/12/2013 8:44:43 AM, Error: Microsoft-Windows-RasSstp [1]  - CoId={C951B738-83DE-4695-BCDA-D4333A6E2FD0}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. An existing connection was forcibly closed by the remote host.
.
==== End Of File ===========================
 

Thanks,



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:15 PM

Posted 07 December 2013 - 09:10 PM



Hello rttyguy

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:15 PM

Posted 10 December 2013 - 03:11 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:15 PM

Posted 15 December 2013 - 12:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users