File Worm.Generic.467115 keeps reappearing


  • This topic is locked
6 replies to this topic

#1 NevadaSkier

NevadaSkier

  • Members
  • 3 posts

Posted 24 December 2013 - 02:10 AM

I downloaded a file from CNet to convert mkv files to mp4, and the thing had a payload. I deleted the .exe I originally downloaded. But Bitdefender keeps warning me that Worm.Generic.467115 has been detected and removed. Also Internet Explorer 9 keeps changing my homepage to about:blank.

Thanks in advance, I knew CNet allows the seedy opt-outs, but I didn't think it allowed straight malware.

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 December 2013 - 09:33 AM



Hello NevadaSkier

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3
    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 NevadaSkier

NevadaSkier
  • Topic Starter

  • Members
  • 3 posts

Posted 24 December 2013 - 10:29 PM

Hi Gringo, hope you are enjoying the holidays. After reading your post I rebooted the computer and recreated the problems just to confirm I do still have a problem. And I do: Internet Explorer starts on about:blank and cannot keep a home page. Plus Bitdefender keeps finding Worm.Generic.467115 and deleting it.

Here are the logs and thanks a bunch!


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/23/2013 7:51:34 PM
System Uptime: 12/24/2013 7:12:27 PM (0 hours ago)
.
Motherboard: Dell Inc.          |  | 0XN71K
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 176.497 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP54: 12/13/2013 7:25:43 AM - Windows Backup
RP55: 12/15/2013 3:00:54 AM - Windows Update
RP56: 12/22/2013 1:50:46 PM - Scheduled Checkpoint
RP57: 12/22/2013 6:34:47 PM - Installed Free MKV To MP4 Converter
RP58: 12/22/2013 6:37:51 PM - Removed Free MKV To MP4 Converter
RP59: 12/22/2013 6:39:50 PM - Removed Free MKV To MP4 Converter
RP60: 12/22/2013 6:43:11 PM - Removed Free MKV To MP4 Converter
RP61: 12/22/2013 6:50:20 PM - Removed Free MKV To MP4 Converter
RP62: 12/23/2013 9:00:02 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
µTorrent
AccelerometerP11
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1.2
Advanced Audio FX Engine
ArcGIS 10.1 for Desktop
Bitdefender Internet Security
Consumer In-Home Service Agreement
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Support Center
Dell VideoStage
Dell Webcam Central
Dropbox
Fast-Backup version 2.01
Garmin BaseCamp
Garmin USB Drivers
GeForce Experience NvStream Client Components
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
gSyncit
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Monitor 2.0
Intel® Wireless Display
Internet Explorer
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 24 (64-bit)
Junk Mail filter update
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Download Manager
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
NVIDIA 3D Vision Driver 331.82
NVIDIA Control Panel 331.82
NVIDIA GeForce Experience 1.7.1
NVIDIA Graphics Driver 331.82
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Optimus 9.3.21
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.21
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 9.3.21
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.9
Phonak Target 3.1
Phonak Target Media (DVD) 2.0.0
QuickBooks
QuickBooks Pro 2010
Quickset64
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
Skype Toolbars
Skype™ 5.10
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VLC media player 2.1.2
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
12/24/2013 7:15:34 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/23/2013 8:45:54 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 8:45:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/23/2013 8:45:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/23/2013 8:45:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/23/2013 8:45:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/23/2013 8:45:51 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/23/2013 8:45:44 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/23/2013 8:45:28 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD avc3 BdfNdisf bdfwfpf CSC DfsC discache gzflt NetBIOS NetBT nsiproxy Psched rdbss spldr tdx trufos vwififlt Wanarpv6 WfpLwf
12/23/2013 8:45:23 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 8:45:23 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/23/2013 8:45:23 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
12/23/2013 8:45:23 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 8:45:23 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 8:45:23 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
12/23/2013 8:45:23 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 8:45:23 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 8:45:23 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/23/2013 8:45:23 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/23/2013 8:38:16 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
12/23/2013 1:22:20 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
12/22/2013 6:15:14 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
12/22/2013 1:12:27 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
.
==== End Of File ===========================
 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16520
Run by TahoeDouglasFire at 19:28:10 on 2013-12-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3990.2135 [GMT -8:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Users\TahoeDouglasFire\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
uRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [QuickBooksDB20] C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -n QB_TAHOEDOUGLASFIR_20 -qs -gd ALL -gk all -gp 4096 -gu all -ch 256M -c 128M  -x tcpip(BroadcastListener=NO;port=55338) -ti 0 -ec simple  -qi -qw  -tl 120 -oe "C:\ProgramData\Intuit\QuickBooks\DBStartup.log" -y
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\TAHOED~3\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\TahoeDouglasFire\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\TahoeDouglasFire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3C4CAD10-BF10-4BC2-82C9-F6FD4D4B6A42} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3C4CAD10-BF10-4BC2-82C9-F6FD4D4B6A42}\45250514075726C69636 : DHCPNameServer = 208.67.222.123 208.67.220.123
TCP: Interfaces\{3C4CAD10-BF10-4BC2-82C9-F6FD4D4B6A42}\7657563747 : DHCPNameServer = 4.2.2.1 206.13.28.12 24.205.192.61
TCP: Interfaces\{6D025DA8-8DAE-4B0F-82E4-FBAA16B1426B} : DHCPNameServer = 192.168.0.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-11-24 727592]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-11-24 150256]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-11-26 32544]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-4-24 21616]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-11-24 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-11-24 103504]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-11-26 300320]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-24 98208]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-26 15125280]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-24 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-24 2656280]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2013-11-24 67320]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-4-24 27760]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-11-24 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-11-24 601360]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-4-24 175168]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-24 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-4-24 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-4-24 181760]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-26 39200]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-4-24 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-24 412264]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-11-24 121928]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-11-24 82824]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-4-24 158976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2011-4-24 121960]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-24 59392]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-24 1255736]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2013-11-26 77632]
S4 QuickBooksDB20;QuickBooksDB20;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-23 03:21:53 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-12-23 02:34:27 -------- d-----w- C:\Users\TahoeDouglasFire\AppData\Roaming\Convert Audio Free
2013-12-21 17:44:57 155648 ------w- C:\Users\TahoeDouglasFire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe
2013-12-14 05:05:44 -------- d-----w- C:\Users\TahoeDouglasFire\AppData\Local\Garmin
2013-12-14 05:05:30 -------- d-----w- C:\Users\TahoeDouglasFire\AppData\Local\GARMIN_Corp
2013-12-14 05:02:27 -------- d-----w- C:\Program Files (x86)\Garmin
2013-12-13 15:46:08 -------- d-----w- C:\Program Files (x86)\Fast-Backup
2013-12-13 02:11:49 -------- d-----w- C:\Users\TahoeDouglasFire\AppData\Local\{B40F033A-A1E0-47EF-9C3E-52EF1D44896D}
2013-12-11 11:06:10 167424 ------w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 11:06:10 164864 ------w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 11:06:10 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 11:06:09 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 08:11:08 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 08:11:08 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-11 08:11:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-11 08:11:03 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-11 08:11:03 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 08:11:01 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-11 08:11:01 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-11 08:10:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-11 08:10:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-11 08:10:52 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-11 08:10:52 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-11 08:10:49 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-11 08:10:49 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-11 08:10:49 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-11 08:10:49 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-11 08:10:49 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-11 08:10:49 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-11 08:10:49 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-11 08:10:49 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-10 20:04:59 -------- d-----w- C:\ProgramData\Dumps
2013-12-08 23:09:50 -------- d-----w- C:\Program Files (x86)\GUM235C.tmp
2013-12-03 20:46:43 -------- d-----w- C:\boot
2013-12-03 15:26:44 -------- d-----w- C:\Users\TahoeDouglasFire\AppData\Local\IsolatedStorage
2013-12-03 15:24:04 -------- d-----w- C:\Users\TahoeDouglasFire\AppData\Roaming\4Team
2013-12-03 15:22:50 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-11-29 15:10:44 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-29 15:10:44 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-29 15:10:44 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-29 15:10:44 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-29 15:10:44 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-29 15:10:44 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-29 15:10:44 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 02:19:43 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2013-11-26 23:48:33 90112 ----a-w- C:\Windows\SysWow64\KOBDrvAPIIF.DLL
2013-11-26 23:48:33 152064 ----a-w- C:\Windows\KOBDrvAPIW64.EXE
2013-11-26 23:48:33 108544 ----a-w- C:\Windows\System32\KOBDrvAPIIF.DLL
2013-11-26 23:48:18 80384 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\KOFYQJ1P.DLL
2013-11-26 21:57:25 -------- d-----w- C:\Windows\SysWow64\NV
2013-11-26 21:57:25 -------- d-----w- C:\Windows\System32\NV
2013-11-26 21:38:35 1064224 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-11-26 21:38:34 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-11-26 21:21:22 -------- d-----w- C:\Users\TahoeDouglasFire\AppData\Local\Diagnostics
2013-11-26 19:11:58 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-11-26 15:36:45 -------- d-----w- C:\Program Files\Common Files\Intuit
2013-11-26 15:33:09 -------- d-----w- C:\Users\TahoeDouglasFire\AppData\Local\Intuit
2013-11-26 15:32:04 4194304 ------w- C:\Windows\SysWow64\cdintf400.dll
2013-11-26 15:26:18 -------- d-----w- C:\ProgramData\Nuance
2013-11-26 15:25:43 -------- d-----w- C:\ProgramData\SQL Anywhere 11
2013-11-26 15:25:42 -------- d-----w- C:\ProgramData\COMMON FILES
2013-11-26 15:16:56 -------- d-----w- C:\Windows\Intuit
2013-11-26 12:31:49 2871808 ------w- C:\Windows\explorer.exe
2013-11-26 12:31:49 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-11-26 12:31:47 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-11-26 12:31:47 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-11-26 12:31:40 67072 ----a-w- C:\Windows\splwow64.exe
2013-11-26 12:31:40 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-11-26 02:40:08 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-11-26 02:40:08 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-11-26 02:39:47 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-11-26 02:39:47 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-11-26 02:39:47 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-11-26 02:39:47 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-11-26 02:39:31 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-11-26 02:39:31 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-11-26 02:39:06 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-11-26 02:39:06 111448 ----a-w- C:\Windows\System32\consent.exe
2013-11-26 02:38:43 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-11-26 02:38:43 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-11-26 02:38:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-11-26 02:38:40 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-26 02:38:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-11-26 02:38:40 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-11-26 02:38:40 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-26 02:38:39 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-11-26 02:38:28 33280 ----a-w- C:\Windows\System32\drivers\usbser.sys
2013-11-26 02:38:08 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-26 02:36:42 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-11-26 02:35:35 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-11-26 02:35:35 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-11-26 02:35:33 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-11-26 02:35:06 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-11-26 02:35:03 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-11-26 02:35:03 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-11-26 02:35:03 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-11-26 02:31:43 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-11-26 02:31:43 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-11-26 02:31:42 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-26 02:31:42 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-26 02:31:41 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-11-26 02:31:38 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-11-26 02:31:38 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-11-26 02:28:12 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-26 02:28:12 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-26 02:28:11 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-26 02:28:11 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-26 02:28:11 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-26 02:27:44 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-11-26 01:56:42 -------- d-----w- C:\ProgramData\bdch
2013-11-25 22:12:07 -------- d-----w- C:\Windows\System32\SPReview
2013-11-25 22:10:43 -------- d-----w- C:\Windows\System32\EventProviders
.
==================== Find3M  ====================
.
2013-12-11 18:45:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 18:45:26 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 23:46:04 15360 ----a-w- C:\Windows\System32\KOFYQJ1L.DLL
2013-11-25 22:21:00 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-11-25 22:21:00 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-11-24 15:46:51 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2013-11-24 15:46:51 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2013-11-24 15:46:50 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2013-11-24 15:18:40 504918 ----a-w- C:\ProgramData\1385305730.bdinstall.bin
2013-11-23 01:49:32 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-11-23 01:49:32 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-11-11 16:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-11-11 15:02:02 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-11-11 15:01:59 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-11-11 15:01:59 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:59 1065248 ----a-w- C:\Windows\System32\nv3dappshext.dll
2013-11-11 15:01:58 3467927 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-11-11 13:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-04 23:47:36 82824 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2013-11-04 23:47:10 84848 ----a-w- C:\Windows\System32\BDSandBoxUISkin.dll
2013-11-04 23:46:57 34384 ----a-w- C:\Windows\System32\BDSandBoxUH.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
.
============= FINISH: 19:29:14.38 ===============



#4 gringo_pr

Posted 24 December 2013 - 11:52 PM



Hello NevadaSkier

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 NevadaSkier

Posted 26 December 2013 - 10:58 AM

Hi Gringo, I looked at the DDS log and noticed that there was a file in Windows start-up that was installed at the same time I had installed the file from CNET. I deleted that file and then ran AdwCleaner and JRT. And all is good now. My computer is running well again and I no longer have the worm showing up in BitDefender.

It's all fixed!

 

Thanks a ton!
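
The check described in post #5 (spotting a recently created file in the Windows start-up folder of a DDS log, then looking at what else was created at the same moment) can be done mechanically. This is an added example, not part of the original thread or of DDS itself; the sample log rows, the `example` user name and `sample.exe` are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    created: datetime
    size: Optional[int]  # None for directories (DDS prints -------- as the size)
    attrs: str
    path: str


# One row of the section: timestamp, size or --------, 8 attribute flags, path.
ROW = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+([a-z-]{8})\s+(.+)$")
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
STARTUP = "\\start menu\\programs\\startup\\"  # per-user and all-users Startup folders
RUNNABLE = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk")

# Constructed sample in the DDS layout; not taken from a real machine.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2013-12-23 03:21:53 -------- d-----w- C:\Program Files (x86)\ExamplePlayer
2013-12-21 17:45:10 -------- d-----w- C:\Users\example\AppData\Roaming\Example Converter
2013-12-21 17:44:57 155648 ------w- C:\Users\example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.exe
2013-12-11 08:10:49 168960 ----a-w- C:\Windows\System32\wscript.exe
.
==================== Find3M  ====================
.
2013-12-11 18:45:26 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
"""


def parse_created(log_text):
    """Return the rows of the 'Created Last 30' section only."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            in_section = header.group(1).lower().startswith("created last")
            continue
        row = ROW.match(line) if in_section else None
        if row:
            stamp, size, attrs, path = row.groups()
            entries.append(Entry(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                                 None if size.startswith("-") else int(size),
                                 attrs, path))
    return entries


def startup_droppers(entries):
    """Files (not directories) with a runnable extension inside a Startup folder."""
    return [e for e in entries
            if not e.attrs.startswith("d")
            and STARTUP in e.path.lower()
            and e.path.lower().endswith(RUNNABLE)]


def created_near(entries, anchor, window=timedelta(minutes=10)):
    """Other rows created within `window` of the anchor row."""
    return [e for e in entries
            if e is not anchor and abs(e.created - anchor.created) <= window]


if __name__ == "__main__":
    rows = parse_created(SAMPLE_LOG)
    for hit in startup_droppers(rows):
        print("Startup item:", hit.created, hit.path)
        for other in created_near(rows, hit):
            print("  created nearby:", other.created, other.path)
```

A hit is only a lead for review: legitimate software also places items in the Startup folder, so confirm what the file is before removing it.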



#6 gringo_pr

Posted 26 December 2013 - 09:09 PM

Hello

It is still best to do the cleanup, as there are always things to be removed.


gringo

#7 gringo_pr

Posted 04 January 2014 - 10:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.