
Windows 7 Hacker need help


  • This topic is locked
5 replies to this topic

#1 workingthrough

workingthrough

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:28 PM

Posted 12 March 2014 - 04:32 PM

I have very few computer skills on the tech side. I've only taken a couple of basic classes. I have a hacker in my computer. I did a little research and found out how to get IP addresses on my network (I have public wifi where I am). I started using netstat and nbtstat in DOS and saw some of the other computers sending SYNs to mine through NetBIOS.
 
I got some more info from a couple of friends and put up ZoneAlarm and TCPView. I can see the hacker sending packets to my computer through NetBIOS from other computers on the network, and sending out packets from my computer to websites. He is also accessing ports. He has to have a program because while he's doing this, the notifications come one after the other. I found out the two major sites he is trying to access through my computer are Cloud and MCast.

I also decided to check my fb security and saw that while I am on the internet, he is logging into my account through my desktop. He has tried to hack it directly three times but hasn't been able to yet.

I've since run Malwarebytes Pro and ComboFix. ComboFix found several things and got rid of them. MB Pro found nothing. He was still getting in. My son found one PUP in an app and got rid of it. It didn't stop him from getting in.

Oh, and I have the ZoneAlarm firewall up. Still hasn't stopped him. I'm not sure what to do at this point. I understand there aren't any free programs to shut unused ports, and I don't know what I'm doing well enough to do so manually. I'm also afraid I will close needed ones. He knows how because he keeps closing the port I use for my internet so he can be in and I can't.
 
I've run ComboFix and DDS and am attaching all logs.
Attached File: combofix.txt (15.55KB, 5 downloads)
Attached File: DDS1.txt (23.57KB, 5 downloads)
Attached File: DDS2.txt (19.73KB, 6 downloads)
 
 
More info... I am running ZoneAlarm. What keeps popping up is "netbios datagram sent from...to..." The hacker is using most of the computers in the park to go through. I see blocks coming into my computer, out from my computer, etc. Then they are in. I can always tell once they are in my computer.

I also read something a few minutes ago. To add to my above info, I am running a firewall, I have stopped file/print sharing, and I only have my one computer.
 
I hope I am not giving too much information. I also have a "console" that keeps popping up whenever I just unplug the internet and leave the page (fb mainly) up. Is that something to worry about? I had never seen it before until about 3 months ago.

Attached File: console.jpg (29.86KB, 0 downloads)

ComboFix 14-03-10.01 - Lynne 03/12/2014 1:55.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.542 [GMT -7:00]
Running from: c:\users\Lynne\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Free Firewall Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-12 to 2014-03-12 )))))))))))))))))))))))))))))))
.
.
2014-03-12 09:04 . 2014-03-12 09:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-12 09:04 . 2014-03-12 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-11 06:42 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E112CB75-C824-4F93-AECE-4C233406728F}\mpengine.dll
2014-03-09 02:05 . 2014-03-09 02:05 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-08 11:01 . 2014-03-08 11:01 -------- d-----r- c:\program files (x86)\Skype
2014-03-08 11:01 . 2014-03-08 11:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-08 08:30 . 2013-07-16 11:41 743248 ----a-w- c:\windows\SysWow64\msvcp100d.dll
2014-03-08 08:30 . 2013-07-16 11:41 1498960 ----a-w- c:\windows\SysWow64\msvcr100d.dll
2014-03-08 08:30 . 2014-03-08 09:04 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2014-03-08 08:30 . 2013-07-16 11:41 1858896 ----a-w- c:\windows\system32\msvcr100d.dll
2014-03-08 08:30 . 2013-07-16 11:41 1014096 ----a-w- c:\windows\system32\msvcp100d.dll
2014-03-07 21:32 . 2014-03-07 21:33 -------- d-----w- c:\program files (x86)\CheckPoint
2014-03-06 21:01 . 2013-07-17 10:02 7717984 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-03-06 21:01 . 2013-10-09 09:31 489568 ----a-w- c:\windows\system32\drivers\klif.sys
2014-03-06 21:01 . 2013-10-09 09:31 90208 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-03-06 20:07 . 2014-03-07 11:06 -------- d-----w- c:\users\Lynne\AppData\Roaming\Check Point Software Technologies LTD
2014-03-05 05:05 . 2014-03-07 11:06 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2014-03-05 05:04 . 2014-03-05 05:04 -------- d-----w- c:\programdata\CheckPoint
2014-03-05 02:30 . 2014-03-06 17:45 -------- d-----w- c:\program files\PeerBlock
2014-03-04 23:14 . 2014-03-08 11:04 -------- d-----w- c:\windows\system32\MRT
2014-02-23 03:52 . 2014-02-25 08:12 -------- d-----w- c:\users\Lynne\AppData\Local\Windows Live
2014-02-13 08:19 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 08:19 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 08:18 . 2014-02-06 11:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-13 08:18 . 2014-02-06 10:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-02-13 08:18 . 2014-02-06 22:55 293080 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-02-13 08:18 . 2014-02-06 22:24 235224 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-02-13 08:18 . 2014-02-06 10:17 195584 ----a-w- c:\windows\system32\msrating.dll
2014-02-13 08:18 . 2014-02-06 08:47 353280 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-02-13 08:18 . 2014-02-06 08:37 251392 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-02-12 20:59 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 20:59 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 20:59 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-12 20:59 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-12 20:58 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 20:58 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 20:58 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-12 20:58 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 06:43 . 2013-07-12 00:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 06:43 . 2013-07-12 00:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-09 02:05 . 2013-07-23 11:25 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-09 02:05 . 2013-07-23 11:25 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-09 02:05 . 2013-07-23 11:25 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-09 02:05 . 2013-07-23 11:25 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-09 02:05 . 2013-07-23 11:25 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-09 02:05 . 2013-01-12 21:23 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-09 02:05 . 2013-07-23 11:25 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-09 02:05 . 2013-07-23 11:24 43152 ----a-w- c:\windows\avastSS.scr
2014-02-03 20:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-22 14:52 . 2013-07-23 11:25 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-31 185640]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-03-30 1219248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-01-30 74160]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-09 3767096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet Pro 8600.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN214AT25B05KC;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 06:43]
.
2014-03-12 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-03-08 18:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-09 02:05 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.231.6
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
FF - ProfilePath - c:\users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\abg3edxp.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=en&gu=13325bee98894941b148dd5a9b436ea6&tu=10G9z00Cq2C01x0&sku=&tstsId=&ver=&&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=13325bee98894941b148dd5a9b436ea6&tu=10G9z00Cq2C01x0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 36c71f12000000000000100d7f3d4366
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16136
FF - user.js: extensions.zonealarm.vrsn - 1.8.28.13
FF - user.js: extensions.zonealarm.vrsni - 1.8.28.13
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.28.1314:26
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - HFA5
FF - user.js: extensions.zonealarm.instlRef - ZLN122161124849382-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=en&gu=13325bee98894941b148dd5a9b436ea6&tu=10G9z00Cq2C01x0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-12 02:08:34
ComboFix-quarantined-files.txt 2014-03-12 09:08
ComboFix2.txt 2014-03-09 08:38
ComboFix3.txt 2014-03-09 03:36
ComboFix4.txt 2014-03-08 09:11
.
Pre-Run: 424,531,177,472 bytes free
Post-Run: 424,265,125,888 bytes free
.
- - End Of File - - 81DC61D5828A528578B5ADCAF5502C1F
70E629B51C16B3C007730C6AE57144C9

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2013 6:16:06 PM
System Uptime: 3/12/2014 1:00:28 AM (0 hours ago)
.
Motherboard: Acer | | Aspire X1420
Processor: AMD Athlon™ II X2 220 Processor | CPU 1 | 784/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 441 GiB total, 395.447 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
==== System Restore Points ===================
.
RP157: 3/6/2014 1:46:31 PM - Windows Update
RP158: 3/7/2014 2:58:56 AM - Restore Operation
RP159: 3/7/2014 3:00:19 AM - Windows Update
RP160: 3/8/2014 3:00:25 AM - Windows Update
RP161: 3/8/2014 4:12:24 PM - Removed Google Earth.
RP162: 3/8/2014 4:14:32 PM - Removed Print@Home
RP163: 3/8/2014 4:19:10 PM - Removed Nero DiscSpeed 10.
RP164: 3/8/2014 4:21:39 PM - Removed MyWinLocker Suite
RP165: 3/8/2014 4:26:44 PM - Removed Sony Picture Utility
RP166: 3/8/2014 4:27:00 PM - Removed Browser
RP167: 3/8/2014 4:27:31 PM - Removed VolumeWatcher
RP168: 3/8/2014 4:28:04 PM - Removed InitTool
RP169: 3/8/2014 4:28:37 PM - Removed Importer
RP170: 3/8/2014 5:13:25 PM - Removed Sony Picture Utility
RP171: 3/8/2014 5:14:17 PM - Removed Importer
RP172: 3/8/2014 5:14:49 PM - Removed Announce
RP173: 3/8/2014 5:15:20 PM - Removed Map View
RP174: 3/8/2014 5:16:29 PM - Removed VideoTrimming
RP175: 3/8/2014 5:17:20 PM - Removed VideoDiscCopier
RP176: 3/8/2014 5:19:29 PM - Removed DiscImporter
RP177: 3/8/2014 5:19:52 PM - Removed DVDAuthor
RP178: 3/8/2014 5:20:32 PM - Removed Shared2
RP179: 3/8/2014 5:21:01 PM - Removed SBS_PXEngine
RP180: 3/8/2014 5:21:55 PM - Removed eBay Worldwide
RP181: 3/8/2014 5:22:39 PM - Removed Nero DiscSpeed 10.
RP182: 3/8/2014 5:23:54 PM - Removed Nero Multimedia Suite 10 Essentials.
RP183: 3/8/2014 5:29:27 PM - Removed Fooz Kids
RP184: 3/8/2014 5:30:48 PM - Removed Fooz Kids Platform
RP185: 3/8/2014 5:32:05 PM - Removed Evernote v. 4.5.1
RP186: 3/8/2014 5:33:35 PM - Removed Sony USB Driver
RP187: 3/8/2014 5:42:00 PM - avast! antivirus system restore point
RP188: 3/8/2014 5:49:14 PM - Windows Update
RP189: 3/9/2014 4:00:16 AM - Windows Update
RP190: 3/10/2014 8:27:32 PM - Removed NETGEAR WNA3100 wireless USB 2.0 adapter
RP191: 3/10/2014 9:10:01 PM - Restore Operation
.
==== Installed Programs ======================
.
clear.fi
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Agatha Christie - Death on the Nile
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVG SafeGuard toolbar
Bejeweled 2 Deluxe
Bonjour
Build-a-lot 4 - Power Source
Chronicles of Albian
clear.fi
clear.fi Client
Compatibility Pack for the 2007 Office system
Cradle of Rome 2
D3DX10
Dora's World Adventure
Final Drive: Nitro
Galerie de photos Windows Live
Governor of Poker 2 Premium Edition
Gpg4win (2.1.0)
Hotkey Utility
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Update
I.R.I.S. OCR
Identity Card
iTunes
Jewel Match 3
Junk Mail filter update
Malwarebytes Anti-Exploit version 0.09.5.0250
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
NVIDIA Control Panel 307.83
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Shared C Run-time for x64
Skype™ 6.11
swMSM
Times Reader
Torchlight
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Welcome Center
WildTangent Games App
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
ZoneAlarm Security Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
3/9/2014 9:44:53 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
3/9/2014 10:18:12 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.XXX.XXX. The computer with the IP address 192.168.231.134 did not allow the name to be claimed by this computer.
3/9/2014 1:33:30 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/9/2014 1:21:44 AM, Error: Service Control Manager [7034] - The DirMngr service terminated unexpectedly. It has done this 1 time(s).
3/8/2014 4:08:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Stereoscopic 3D Driver Service service to connect.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The media is write protected.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The system cannot find the path specified.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7001] - The ForceWare IP service service depends on the Windows Management Instrumentation service which failed to start because of the following error: The system cannot find the path specified.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7000] - The ZoneAlarm Privacy Service service failed to start due to the following error: The system cannot find the path specified.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The system cannot find the path specified.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The system cannot find the path specified.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7000] - The vToolbarUpdater15.0.0 service failed to start due to the following error: The system cannot find the path specified.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The system cannot find the path specified.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7000] - The TCP/IP Registry Compatibility service failed to start due to the following error: The media is write protected.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7000] - The Server SMB 2.xxx Driver service failed to start due to the following error: The media is write protected.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The system cannot find the path specified.
3/8/2014 4:08:38 PM, Error: Service Control Manager [7038] - The SstpSvc service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/8/2014 4:08:38 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The service did not start due to a logon failure.
3/8/2014 4:08:37 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: A system shutdown is in progress.
3/8/2014 4:08:36 PM, Error: Service Control Manager [7038] - The NlaSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/8/2014 4:08:36 PM, Error: Service Control Manager [7038] - The msiserver service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/8/2014 4:08:36 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not start due to a logon failure.
3/8/2014 4:08:36 PM, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: A system shutdown is in progress.
3/8/2014 4:08:36 PM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The service did not start due to a logon failure.
3/8/2014 4:08:36 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
3/8/2014 4:08:36 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The pipe has been ended.
3/8/2014 4:08:36 PM, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The pipe has been ended.
3/8/2014 4:08:35 PM, Error: Service Control Manager [7000] - The Live Updater Service service failed to start due to the following error: The pipe has been ended.
3/8/2014 4:08:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ForceWare Intelligent Application Manager (IAM) service to connect.
3/8/2014 4:08:34 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: A system shutdown is in progress.
3/8/2014 4:08:34 PM, Error: Service Control Manager [7000] - The GREGService service failed to start due to the following error: The pipe has been ended.
3/8/2014 4:08:34 PM, Error: Service Control Manager [7000] - The ForceWare Intelligent Application Manager (IAM) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2014 4:08:33 PM, Error: Service Control Manager [7038] - The FDResPub service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/8/2014 4:08:33 PM, Error: Service Control Manager [7038] - The DPS service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/8/2014 4:08:33 PM, Error: Service Control Manager [7000] - The Function Discovery Resource Publication service failed to start due to the following error: The service did not start due to a logon failure.
3/8/2014 4:08:33 PM, Error: Service Control Manager [7000] - The DirMngr service failed to start due to the following error: The pipe has been ended.
3/8/2014 4:08:33 PM, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The service did not start due to a logon failure.
3/8/2014 4:08:33 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The pipe has been ended.
3/8/2014 4:08:33 PM, Error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The pipe has been ended.
3/8/2014 4:08:32 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The pipe has been ended.
3/8/2014 4:08:28 PM, Error: Service Control Manager [7038] - The LanmanWorkstation service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/8/2014 4:08:28 PM, Error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not start due to a logon failure.
3/8/2014 4:08:26 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
3/8/2014 4:06:56 PM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The media is write protected.
3/8/2014 4:06:56 PM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2014 4:06:56 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error: The service did not start due to a logon failure.
3/8/2014 4:06:56 PM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The media is write protected.
3/8/2014 4:06:56 PM, Error: Service Control Manager [7000] - The Security Driver service failed to start due to the following error: The media is write protected.
3/8/2014 4:06:56 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The system cannot find the path specified.
3/8/2014 4:06:56 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The system cannot find the path specified.
3/8/2014 4:06:56 PM, Error: Service Control Manager [7000] - The PEAUTH service failed to start due to the following error: The media is write protected.
3/8/2014 4:06:56 PM, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: The system cannot find the path specified.
3/8/2014 4:06:52 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The service did not start due to a logon failure.
3/8/2014 4:06:44 PM, Error: Service Control Manager [7038] - The BFE service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/8/2014 4:06:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Print Spooler service to connect.
3/8/2014 4:06:44 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The service did not start due to a logon failure.
3/8/2014 4:06:44 PM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2014 4:06:44 PM, Error: Service Control Manager [7000] - The Base Filtering Engine service failed to start due to the following error: The service did not start due to a logon failure.
3/12/2014 1:02:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PxHelp20
3/12/2014 1:02:08 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/12/2014 1:00:49 AM, Error: Service Control Manager [7000] - The sbapifs service failed to start due to the following error: The system cannot find the file specified.
3/12/2014 1:00:36 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by Lynne at 1:37:08 on 2014-03-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.307 [GMT -7:00]
.
AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Free Firewall Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\Lynne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.231.6.
TCP: Interfaces\{5B72EB28-207A-4D9D-8138-FD9BC608B99B} : DHCPNameServer = 192.168.231.6
TCP: Interfaces\{5B72EB28-207A-4D9D-8138-FD9BC608B99B}\745756374743033353 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{5B72EB28-207A-4D9D-8138-FD9BC608B99B}\8616D6D6F6E64637731333 : DHCPNameServer = 192.168.231.6
TCP: Interfaces\{750D0726-5A20-4D12-A144-20BFA1BDC616} : DHCPNameServer = 192.168.231.6
TCP: Interfaces\{750D0726-5A20-4D12-A144-20BFA1BDC616}\8616D6D6F6E64637731333 : DHCPNameServer = 192.168.231.6
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\abg3edxp.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=en&gu=13325bee98894941b148dd5a9b436ea6&tu=10G9z00Cq2C01x0&sku=&tstsId=&ver=&&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\npsitesafety.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=13325bee98894941b148dd5a9b436ea6&tu=10G9z00Cq2C01x0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 36c71f12000000000000100d7f3d4366
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16136
FF - user.js: extensions.zonealarm.vrsn - 1.8.28.13
FF - user.js: extensions.zonealarm.vrsni - 1.8.28.13
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.28.1314:26:06
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - HFA5
FF - user.js: extensions.zonealarm.instlRef - ZLN122161124849382-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=en&gu=13325bee98894941b148dd5a9b436ea6&tu=10G9z00Cq2C01x0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-3-6 22600]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-23 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-7-23 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-23 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-7-23 421704]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-30 39768]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2014-3-8 62168]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-23 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-8 50344]
R2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2011-3-2 224256]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-21 255376]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-7 701512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-26 378984]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-3-30 990896]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-10-15 50704]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-3-8 80184]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-8-31 1256192]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-7 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 240736]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-11 06:42:47 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E112CB75-C824-4F93-AECE-4C233406728F}\mpengine.dll
2014-03-09 08:38:51 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-09 02:05:26 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-03-08 11:01:18 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-08 08:40:49 98816 ----a-w- C:\Windows\sed.exe
2014-03-08 08:40:49 256000 ----a-w- C:\Windows\PEV.exe
2014-03-08 08:40:49 208896 ----a-w- C:\Windows\MBR.exe
2014-03-08 08:30:07 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll
2014-03-08 08:30:07 1498960 ----a-w- C:\Windows\SysWow64\msvcr100d.dll
2014-03-08 08:30:06 1858896 ----a-w- C:\Windows\System32\msvcr100d.dll
2014-03-08 08:30:06 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll
2014-03-08 08:30:06 -------- d-----w- C:\Program Files\Malwarebytes Anti-Exploit
2014-03-07 21:32:33 -------- d-----w- C:\Program Files (x86)\CheckPoint
2014-03-06 21:01:53 7717984 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-03-06 21:01:41 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-03-06 20:07:17 -------- d-----w- C:\Users\Lynne\AppData\Roaming\Check Point Software Technologies LTD
2014-03-05 05:05:53 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD
2014-03-05 05:04:44 -------- d-----w- C:\ProgramData\CheckPoint
2014-03-05 02:30:09 -------- d-----w- C:\Program Files\PeerBlock
2014-03-04 23:14:41 -------- d-----w- C:\Windows\System32\MRT
2014-02-23 03:52:53 -------- d-----w- C:\Users\Lynne\AppData\Local\Windows Live
2014-02-23 03:52:29 -------- d-----w- C:\Users\Lynne\AppData\Local\{FB517A6A-2BF1-45D2-9058-29510BEC1E9C}
2014-02-23 03:51:59 -------- d-----w- C:\Users\Lynne\AppData\Local\{3A07D25F-F40A-41A5-97AA-ADFF3907F8C3}
2014-02-13 08:19:03 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 08:19:03 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 08:18:01 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-13 08:18:01 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-13 08:18:00 353280 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-02-13 08:18:00 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-02-13 08:18:00 251392 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-02-13 08:18:00 235224 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-02-12 20:59:35 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 20:59:34 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 20:59:34 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 20:59:34 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-12 20:58:29 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 20:58:28 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-12 20:58:27 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 20:58:26 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
.
==================== Find3M ====================
.
2014-03-12 06:43:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 06:43:38 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-09 02:05:19 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-03-09 02:05:19 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-03-09 02:05:18 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-09 02:05:18 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-09 02:05:17 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-03-09 02:05:17 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-03 20:20:54 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 1:38:46.09 ===============

Edited by Oh My, 22 March 2014 - 08:01 AM.
Logs posted

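The Service Control Manager entries at the top of the attach.txt log above are easier to judge in aggregate than one line at a time: what matters for triage is whether the failures share one reason and one time window (a single bad boot or shutdown) or are spread out, and whether any of the failed services are security controls. The script below is an added example for this thread, not part of the original post and not part of DDS. It parses the line layout visible in the log above ("<date> <time>, Error: <source> [<event id>] - <message>"), counts events by ID and by the reason text Windows appended, buckets service failures by minute, and lists failed security services. SAMPLE_LOG is a handful of lines copied from the log above; SECURITY_SERVICES is my own choice of which services to flag, not a list from the page or from DDS.

```python
"""Aggregate Service Control Manager errors from a DDS attach.txt log.

Added example for this thread; not part of the original post and not part
of DDS. SAMPLE_LOG holds lines copied from the log above. SECURITY_SERVICES
is my own choice of controls whose failure to start is worth flagging.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

SAMPLE_LOG = """\
3/9/2014 1:21:44 AM, Error: Service Control Manager [7034] - The DirMngr service terminated unexpectedly. It has done this 1 time(s).
3/8/2014 4:08:39 PM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The media is write protected.
3/8/2014 4:08:39 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The system cannot find the path specified.
3/8/2014 4:08:38 PM, Error: Service Control Manager [7038] - The SstpSvc service was unable to log on as NT Authority\\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/8/2014 4:08:36 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The pipe has been ended.
3/8/2014 4:06:44 PM, Error: Service Control Manager [7000] - The Base Filtering Engine service failed to start due to the following error: The service did not start due to a logon failure.
3/12/2014 1:02:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PxHelp20
3/12/2014 1:00:36 AM, Error: Application Popup [1060] - \\SystemRoot\\SysWow64\\Drivers\\PxHelp20.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
"""

# One DDS event line: "<m/d/yyyy h:mm:ss AM|PM>, <Level>: <Source> [<id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# "The <name> service failed/depends/was unable ..." -> <name>
SERVICE_RE = re.compile(r"^The (?P<service>.+?) service ")
# The reason SCM appends after "following error:" (first sentence only).
REASON_RE = re.compile(r"following error: (?P<reason>[^.]*\.)")

# My own choice (assumption): services whose failure removes a security control.
SECURITY_SERVICES = {
    "Windows Defender", "Windows Firewall", "Base Filtering Engine",
    "MBAMService", "MBAMScheduler", "ZoneAlarm Privacy Service",
}


def parse_line(line):
    """Return a dict for one event line, or None if the line is another layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %I:%M:%S %p")
    rec["event_id"] = int(rec["event_id"])
    svc = SERVICE_RE.match(rec["msg"])
    rec["service"] = svc.group("service") if svc else None
    why = REASON_RE.search(rec["msg"])
    rec["reason"] = why.group("reason") if why else None
    return rec


def parse_log(text):
    """Parse every recognisable event line in the log text, in file order."""
    return [r for r in map(parse_line, text.splitlines()) if r]


def triage(records):
    """Count events by ID and by reason; bucket service failures by minute."""
    by_event = Counter(r["event_id"] for r in records)
    by_reason = Counter(r["reason"] for r in records if r["reason"])
    by_minute = defaultdict(list)
    for r in records:
        if r["service"] and r["reason"]:
            by_minute[r["ts"].strftime("%Y-%m-%d %H:%M")].append(r["service"])
    return by_event, by_reason, dict(by_minute)


def security_services_failed(records):
    """Sorted names of flagged security services that failed to start or log on."""
    return sorted({r["service"] for r in records
                   if r["service"] in SECURITY_SERVICES and r["reason"]})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    by_event, by_reason, by_minute = triage(recs)
    print("events by ID:", dict(by_event))
    print("failures by reason:", dict(by_reason))
    for minute, services in sorted(by_minute.items()):
        print(minute, "->", ", ".join(services))
    print("security controls that failed:", security_services_failed(recs))
```

Run against the full attach.txt rather than the sample, the by-minute buckets show whether the 7000/7001/7038 entries all fall into the 4:06 to 4:08 PM window on 3/8/2014, which is what the excerpt above suggests. A cluster like that is one event to explain (a boot or shutdown during which services could not log on or write to disk), whereas the same reasons scattered across days would point at something persistent. Either way, a failed start of Base Filtering Engine, Windows Firewall or Windows Defender deserves a follow-up because those are the controls the rest of the thread relies on.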

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts
  • Gender:Male
  • Local time:12:28 AM

Posted 17 March 2014 - 04:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/527340 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!


    Adware and Spyware and Malware.....


Posted 22 March 2014 - 08:03 AM

Greetings workingthrough and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 workingthrough

  • Topic Starter

Posted 22 March 2014 - 08:02 PM

I've already reset my computer back to its original state. It hasn't stopped the hacker. They aren't getting on by anything I'm downloading. They are getting on directly through my internet...public wireless. I can even tell you who's doing it. Then they are putting something on my computer once they have the connection.

I'm sitting here watching them make the connection but I can't do anything to stop them except get off the computer. Without knowing how to close the open ports they are searching for, there's nothing I can do anyway.

But thanks.

 

#5 Oh My!


    Adware and Spyware and Malware.....


Posted 22 March 2014 - 09:06 PM

So are you saying you are no longer in need of assistance? Since this doesn't appear to be malware related I am not sure I could offer any assistance anyway.

Edited by Oh My, 22 March 2014 - 09:07 PM.

Gary

#6 Oh My!


    Adware and Spyware and Malware.....


Posted 24 March 2014 - 04:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary