keylogging issue - a repost per instructions


  • This topic is locked
3 replies to this topic

#1 shley

  • Members
  • 251 posts

Posted 11 August 2014 - 11:03 PM

I have been asked to repost and report logs back to this page regarding an issue with an XP laptop.  I notice when hovering over a blank field, with the mouse pointer, it changes into a vertical looking line that keeps flashing on and off again and again.  This is not right.  A blank field (such as a Google search bar or any other input field) should not have this behavior.
 

I am having to use this older laptop awaiting another one to be fixed in the shop and it could take some time.  I removed a lot of software and cleaned out a lot of junk files that had accumulated.  I have REVO Pro and am aware of registry key proper differentiation to delete or keep.  Also, it may be noted, that I had to uninstall MS Office 2007 and install MS Office 2010 as well as all the updates.  I am having another issue with integration of Word with EndNote X5.  I spent over two hours on the phone with tech support and I still have an error.  I had re-installed EndNote X5, too.  Doesn't make sense.  Either issue I mean.
I also had recently tried to download Mozilla Firefox (thinking it may be safer than IE) and I got a Windows error window right after the download window box appeared saying that the web page was unavailable (this was from the site: https://www.mozilla.org/en-US/ ).  Totally bizarre.  All I am trying to do is make this laptop work Word and EndNote and I am under a university deadline.  Thanks.
So I am here and am posting per instructions DDS files Attach.txt and DDS.txt to start as follows:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/15/2012 12:35:57 PM
System Uptime: 8/11/2014 10:43:07 PM (1 hours ago)
.
Motherboard: Hewlett-Packard  |  | 30AE
Processor: Mobile AMD Sempron™ Processor 3300+ | U23 | 1989/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 67 GiB total, 21.639 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.975 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP245: 8/8/2014 7:08:17 PM - Revo Uninstaller Pro's restore point - CVE-2013-1347
RP246: 8/8/2014 7:14:56 PM - Revo Uninstaller Pro's restore point - CVE-2013-1347
RP247: 8/8/2014 7:17:13 PM - Revo Uninstaller Pro's restore point - ESET Online Scanner v3
RP248: 8/8/2014 8:02:43 PM - Revo Uninstaller Pro's restore point - Office 2003 Trial Assistant
RP249: 8/8/2014 8:08:31 PM - Revo Uninstaller Pro's restore point - Office 2003 Trial Assistant
RP250: 8/8/2014 8:11:24 PM - Revo Uninstaller Pro's restore point - Texas Instruments PCIxx21/x515/xx12 drivers.
RP251: 8/8/2014 8:22:33 PM - Revo Uninstaller Pro's restore point - Soft Data Fax Modem with SmartCP
RP252: 8/8/2014 11:47:14 PM - Revo Uninstaller Pro's restore point - Texas Instruments PCIxx21/x515/xx12 drivers.
RP253: 8/8/2014 11:47:29 PM - Configured TIPCI
RP254: 8/8/2014 11:50:04 PM - Revo Uninstaller Pro's restore point - TIPCI
RP255: 8/8/2014 11:50:18 PM - Removed TIPCI
RP256: 8/8/2014 11:51:37 PM - Revo Uninstaller Pro's restore point - Office 2003 Trial Assistant
RP257: 8/8/2014 11:53:11 PM - Revo Uninstaller Pro's restore point - LightScribe  1.4.56.1
RP258: 8/8/2014 11:53:20 PM - Removed LightScribe  1.4.56.1
RP259: 8/10/2014 9:23:19 PM - Revo Uninstaller Pro's restore point - Microsoft Office Enterprise 2007
RP260: 8/10/2014 9:23:39 PM - Removed Microsoft Office Enterprise 2007
RP261: 8/10/2014 9:38:22 PM - Revo Uninstaller Pro's restore point - Microsoft Office Proof (English) 2007
RP262: 8/10/2014 9:38:33 PM - Removed Microsoft Office Proof (English) 2007
RP263: 8/10/2014 9:39:18 PM - Revo Uninstaller Pro's restore point - Microsoft Office Proof (French) 2007
RP264: 8/10/2014 9:39:30 PM - Supprimé Microsoft Office Proof (French) 2007
RP265: 8/10/2014 9:40:15 PM - Revo Uninstaller Pro's restore point - Microsoft Office Proof (Spanish) 2007
RP266: 8/10/2014 9:40:24 PM - Quitado Microsoft Office Proof (Spanish) 2007
RP267: 8/10/2014 9:41:08 PM - Revo Uninstaller Pro's restore point - Microsoft Office Proof (Spanish) 2007
RP268: 8/10/2014 9:41:44 PM - Revo Uninstaller Pro's restore point - Microsoft Office Proofing (English) 2007
RP269: 8/10/2014 9:41:59 PM - Removed Microsoft Office Proofing (English) 2007
RP270: 8/10/2014 9:42:40 PM - Revo Uninstaller Pro's restore point - Microsoft Office Shared MUI (English) 2007
RP271: 8/10/2014 9:42:57 PM - Removed Microsoft Office Shared MUI (English) 2007
RP272: 8/10/2014 9:44:06 PM - Revo Uninstaller Pro's restore point - Microsoft Office OneNote 2007
RP273: 8/10/2014 9:45:41 PM - Revo Uninstaller Pro's restore point - Microsoft Office File Validation Add-In
RP274: 8/10/2014 9:46:44 PM - Revo Uninstaller Pro's restore point - Google Advertising Cookie Opt-out
RP275: 8/10/2014 9:47:29 PM - Revo Uninstaller Pro's restore point - Google Update Helper
RP276: 8/10/2014 9:48:49 PM - Revo Uninstaller Pro's restore point - Junk Mail filter update
RP277: 8/10/2014 9:50:50 PM - Revo Uninstaller Pro's restore point - Microsoft Office Shared Setup Metadata MUI (English) 2007
RP278: 8/10/2014 9:50:58 PM - Removed Microsoft Office Shared Setup Metadata MUI (English) 2007
RP279: 8/10/2014 10:44:27 PM - Installed Microsoft Office Professional Plus 2010
RP280: 8/10/2014 10:53:57 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP281: 8/10/2014 11:41:49 PM - Software Distribution Service 3.0
RP282: 8/11/2014 1:01:45 AM - Software Distribution Service 3.0
RP283: 8/11/2014 1:54:03 AM - Software Distribution Service 3.0
RP284: 8/11/2014 2:24:56 AM - Revo Uninstaller Pro's restore point - EndNote X5
RP285: 8/11/2014 2:43:54 AM - Installed Java 7 Update 67
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_Help
4Media iPod to PC Transfer
Active@ Hard Disk Monitor
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.07)
Adobe Shockwave Player 12.1
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
Audacity 2.0.5
AudibleManager
Auslogics DiskDefrag
AVS Audio Converter 7
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Document Converter 2.2.6
AVS Image Converter 2.3.3.249
AVS Media Player 4.1.11.100
AVS Photo Editor
AVS Registry Cleaner 2.2.3.237
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
Conexant AC-Link Audio
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
EndNote X5
Fax
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB969084)
HP DVD Play 2.0
HP Help and Support
HP Officejet J4500 Series
HP Product Detection
HP User Guides--System Recovery
HP User Guides 0025
HPDiagnosticAlert
HpSdpAppCoreApp
InstantShareAlert
J4500
Java 7 Update 67
Java Auto Updater
Kaspersky PURE 3.0
Malwarebytes Anti-Exploit version 1.03.1.1220
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.2
Microsoft Bootvis
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Small Basic v1.0
Microsoft Software Update for Web Folders  (English) 12
Microsoft Software Update for Web Folders  (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Personal Ancestral File 5
Personal Ancestral File Companion 5.7
ProductContext
REALTEK Gigabit and Fast Ethernet NIC Driver
ResearchSoft Direct Export Helper
Revo Uninstaller Pro 3.0.8
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2863942) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Segoe UI
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype™ 6.11
Soft Data Fax Modem with SmartCP
swMSM
Synaptics Pointing Device Driver
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2813347-v2)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
WebFldrs XP
WebReg
Windows Backup Utility
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wireless Home Network Setup
.
==== Event Viewer Messages From Past Week ========
.
8/9/2014 4:51:02 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service MatSvc with arguments "" in order to run the server: {8843B4A2-A3CB-4CB9-9CCE-F443F641009F}
8/9/2014 1:52:47 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  eabfiltr
8/9/2014 1:52:42 AM, error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
8/9/2014 1:52:40 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
8/9/2014 1:52:40 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
8/9/2014 1:52:40 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.
8/9/2014 1:52:40 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the seclogon service.
8/9/2014 1:52:40 AM, error: Service Control Manager [7000]  - The System Event Notification service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/9/2014 1:49:10 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service MatSvc with arguments "" in order to run the server: {109DB0ED-7C89-416B-AC66-6D0323941464}
8/9/2014 1:41:46 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
8/9/2014 1:31:09 AM, error: Service Control Manager [7000]  - The SDDMI2 service failed to start due to the following error:  The system cannot find the file specified.
8/8/2014 6:24:09 PM, error: PlugPlayManager [12]  - The device 'TSSTcorp CDW/DVD TS-L462D' (IDE\CdRomTSSTcorp_CDW/DVD_TS-L462D_______________HS00____\5&9ec684f&0&0.1.0) disappeared from the system without first being prepared for removal.
8/6/2014 10:44:07 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
8/11/2014 10:43:52 PM, error: Dhcp [1002]  - The IP address lease 192.168.200.21 for the Network Card with network address 0016D49E1ED7 has been denied by the DHCP server 192.168.200.1 (The DHCP Server sent a DHCPNACK message).
8/10/2014 6:43:38 AM, error: atapi [9]  - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
8/10/2014 12:48:32 AM, error: Dhcp [1002]  - The IP address lease 192.168.200.22 for the Network Card with network address 0016D49E1ED7 has been denied by the DHCP server 192.168.200.1 (The DHCP Server sent a DHCPNACK message).
8/10/2014 1:21:05 PM, error: ipnathlp [32003]  - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
.
==== End Of File ===========================
 

...and DDS.txt :

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by OEM Customer at 23:40:56 on 2014-08-11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1406.364 [GMT -4:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE 3.0 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyOverride = <local>
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\onlinebanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\urladvisor\klwtbbho.dll
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure 3.0\avp.exe"
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes Anti-Exploit] c:\program files\malwarebytes anti-exploit\mbae.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoCDBurning = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:383
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure 3.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\urladvisor\klwtbbho.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {206599BA-54C3-4B56-8B27-361541F02B36} - hxxp://hosted.cloudpath.net/Xavier/Production/tools/xc_loader_activex.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1405663385125
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347721740343
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347894656437
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.200.1
TCP: Interfaces\{0DE980E8-618D-44E6-BB60-8688F5D9B74A} : DHCPNameServer = 192.168.200.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2014-3-31 88632]
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2013-11-11 135776]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2014-3-31 39736]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\malwarebytes anti-exploit\mbae.sys [2014-8-9 44760]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2014-3-31 595008]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-11-11 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-11-11 145040]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\lsoft technologies inc\active@ hard disk monitor\DiskMonitorService.exe [2013-3-15 237792]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky pure 3.0\avp.exe [2013-11-11 356128]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\malwarebytes anti-exploit\mbae-svc.exe [2014-8-9 360592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-11-11 24160]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-11-11 24672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVSNDISIM;AVSNDISIM Service;c:\windows\system32\drivers\avsndisimdriver.sys --> c:\windows\system32\drivers\AVSNDISIMDriver.sys [?]
S3 AVSNDISIMMP;AVSNDISIMMP;c:\windows\system32\drivers\avsndisimdriver.sys --> c:\windows\system32\drivers\AVSNDISIMDriver.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-10 40776]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2014-8-6 27064]
S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\drivers\swlubtl.sys [2003-5-2 53690]
S3 WDC_SAM;WD SCSI Pass Thru driver; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
.
=============== Created Last 30 ================
.
2014-08-11 20:48:11 -------- d-----w- c:\documents and settings\oem customer\application data\EndNote
2014-08-11 06:44:22 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-11 02:50:18 -------- d-----w- c:\program files\Microsoft Synchronization Services
2014-08-11 02:49:46 -------- d-----w- c:\documents and settings\all users\Microsoft
2014-08-11 02:45:50 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-08-11 02:45:35 -------- d-----w- c:\windows\SHELLNEW
2014-08-10 17:29:23 -------- d-----w- C:\W30A5F24
2014-08-10 17:29:19 -------- d-----w- c:\program files\SP37159
2014-08-10 09:00:45 -------- d-----w- c:\documents and settings\oem customer\local settings\application data\Adobe
2014-08-09 15:17:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes Anti-Exploit
2014-08-09 15:17:57 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2014-08-09 15:01:49 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-09 15:00:39 -------- d-----w- C:\AdwCleaner
2014-08-08 22:34:51 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
2014-08-07 05:32:27 -------- d-----w- c:\program files\Enigma Software Group
2014-08-07 05:31:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
2014-08-07 05:31:45 -------- d-----w- c:\windows\system32\wbem\Repository
2014-08-07 05:20:54 -------- d-----w- c:\documents and settings\oem customer\application data\Uninstaller Tool(Comodo Forums)
2014-08-07 01:51:42 -------- d-----w- c:\documents and settings\oem customer\local settings\application data\VS Revo Group
2014-08-07 01:51:27 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-08-07 01:51:25 -------- d-----w- c:\program files\VS Revo Group
2014-07-18 07:59:57 -------- d-----w- c:\documents and settings\all users\application data\Auslogics
2014-07-18 07:59:30 -------- d-----w- c:\program files\Auslogics
.
==================== Find3M  ====================
.
2014-08-11 06:44:00 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-18 08:21:41 74336 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-07-18 08:21:40 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-07-18 08:06:01 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-18 08:06:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 23:42:19.29 ===============
 

ALL REPORTING SEEMED TO WORK - I DIDN'T EXPERIENCE ANYTHING UNUSUAL WHILE DDS RAN. - shley




 


#2 shley

shley
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  • Local time:03:45 AM

Posted 11 August 2014 - 11:18 PM

One thing I see right off the bat in the last .txt file: [GMT -4:00]
I am on GMT -5.00, not GMT -4.00, and when I check the clock/time in the sys tray it indicates GMT -5.00 and is configured to auto sync with time.nist.gov, if this helps any...

thank you!



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,623 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:45 AM

Posted 16 August 2014 - 11:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/544166 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,623 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:45 AM

Posted 17 August 2014 - 06:26 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!




