Is it Malware????? :(


  • This topic is locked
3 replies to this topic

#1 dinee

Posted 18 August 2014 - 09:07 PM

So, laptop has been running extraordinarily slow and I haven't had time to address.  Not getting the usual pop ups just getting reoccurring messages stating that there is a Java update.  I did get a "security" message yesterday but it went away so fast I couldn't ID it.  
I am running in safe mode w/networking (Windows 7) and cannot print topics.  I am currently reading posts and trying to Rx the problem now but thought I would post just in case.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 11.0.9600.17239
Run by Dinee at 11:45:14 on 2014-08-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1461 [GMT -5:00]
.
AV: Computer Security *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Computer Security *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\21.5.0.19\ips\ipsbho.dll
BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - c:\program files\privacysafeguard\PrivacySafeGuard.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\21.5.0.19\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Facebook Update] "c:\users\dinee\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [F-Secure Manager] "c:\program files\charter security suite\apps\computersecurity\common\FSM32.EXE" /splash
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [F-Secure Hoster (42626)] "c:\program files\charter security suite\fshoster32.exe" -app -hosterid:1
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\dinee\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F7B7CA6B-71A4-4B71-B171-6D0307890394} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F7B7CA6B-71A4-4B71-B171-6D0307890394}\2375942554131373 : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2013-3-9 44240]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1505000.013\symds.sys [2014-8-8 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1505000.013\symefa.sys [2014-8-8 936152]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S1 BHDrvx86;BHDrvx86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\bashdefs\20140801.001\BHDrvx86.sys [2014-8-6 1101616]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\nis\1505000.013\ccsetx86.sys [2014-8-8 127064]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter security suite\apps\computersecurity\hips\drivers\fshs.sys [2014-6-23 73864]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\charter security suite\apps\computersecurity\anti-virus\minifilter\fsvista.sys [2013-3-9 12736]
S1 IDSVix86;IDSVix86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\ipsdefs\20140815.001\IDSvix86.sys [2014-8-18 395992]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1505000.013\ironx86.sys [2014-8-8 206936]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1505000.013\symnets.sys [2014-8-8 447704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 fshoster;F-Secure Dll Hoster;c:\program files\charter security suite\fshoster32.exe [2013-5-15 191424]
S2 FSORSPClient;F-Secure ORSP Client;c:\program files\charter security suite\apps\ccf_reputation\fsorsp.exe [2012-8-6 60352]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-28 1809720]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-28 860472]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\21.5.0.19\nis.exe [2014-8-8 276376]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2014-1-9 770432]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-7-21 109872]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2014-1-7 15384]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter security suite\apps\computersecurity\anti-virus\minifilter\fsgk.sys [2013-3-9 146472]
S3 fsni;fsni;c:\program files\charter security suite\apps\ccf_scanning\fsni32.sys [2014-6-19 70184]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-8-15 108032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-28 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-28 110296]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-7-28 51928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-13 15872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-21 1343400]
.
=============== Created Last 30 ================
.
2014-08-15 11:49:42 -------- d-----w- C:\acc2f576b20f9ed62378b2675f
2014-08-15 11:49:26 -------- d-----w- C:\fcb1c214a604507a92504fc6b7
2014-08-15 11:44:45 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-15 11:44:38 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-15 11:44:01 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-15 11:43:56 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 11:38:01 412160 ----a-w- c:\windows\system32\aepdu.dll
2014-08-15 11:36:19 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-15 11:36:19 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-08-15 11:36:19 107520 ----a-w- c:\windows\system32\cdd.dll
2014-08-15 11:36:16 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-15 11:36:07 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-15 11:33:57 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-15 11:33:57 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-15 11:33:56 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-15 11:33:56 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-15 11:31:18 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-15 11:30:36 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-15 11:30:35 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-12 20:24:51 -------- d-----w- C:\5453ba7ef0783477acf6788d49
2014-08-08 15:04:20 936152 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symefa.sys
2014-08-08 15:04:20 447704 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symnets.sys
2014-08-08 15:04:20 21520 ----a-r- c:\windows\system32\drivers\nis\1505000.013\symelam.sys
2014-08-08 15:04:19 367704 ----a-r- c:\windows\system32\drivers\nis\1505000.013\symds.sys
2014-08-08 15:04:19 32344 ----a-r- c:\windows\system32\drivers\nis\1505000.013\srtspx.sys
2014-08-08 15:04:18 664280 ----a-w- c:\windows\system32\drivers\nis\1505000.013\srtsp.sys
2014-08-08 15:04:18 206936 ----a-r- c:\windows\system32\drivers\nis\1505000.013\ironx86.sys
2014-08-08 15:04:18 127064 ----a-r- c:\windows\system32\drivers\nis\1505000.013\ccsetx86.sys
2014-08-08 15:02:36 30068 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symvtcer.dat
2014-08-08 15:02:35 -------- d-----w- c:\windows\system32\drivers\nis\1505000.013
2014-08-03 09:53:47 188304 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-07-29 19:34:20 -------- d-----w- C:\a8759d846daa1df5fa
2014-07-28 18:35:54 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-28 18:20:56 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-28 18:20:56 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-28 18:20:55 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-28 18:20:55 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-28 18:20:30 -------- d-----w- c:\users\dinee\appdata\local\Programs
2014-07-28 18:05:46 110080 ----a-r- c:\users\dinee\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconF7A21AF7.exe
2014-07-28 18:05:46 110080 ----a-r- c:\users\dinee\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconD7F16134.exe
2014-07-28 18:05:46 110080 ----a-r- c:\users\dinee\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconCF33A0CE.exe
2014-07-28 18:05:22 -------- d-----w- C:\sh4ldr
2014-07-28 18:05:22 -------- d-----w- c:\program files\Enigma Software Group
2014-07-28 18:03:05 -------- d-----w- c:\users\dinee\appdata\local\CrashDumps
2014-07-28 18:00:58 -------- d-----w- c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-07-28 18:00:30 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2014-07-28 16:45:31 -------- d-----w- C:\19854b5a7363a6d276c6
2014-07-26 15:05:37 -------- d-----w- C:\508856a4696bc9536e
2014-07-22 15:42:26 -------- d-----w- C:\f42d5eb52d3d64dfcd32c1f2ee
2014-07-22 08:06:59 -------- d-----w- C:\cfc8d914cf6b22e24eda607e22eec67d
2014-07-21 18:24:17 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2014-07-21 18:24:17 -------- d-----w- c:\program files\common files\Symantec Shared
2014-07-21 18:23:20 -------- d-----w- c:\windows\system32\drivers\NIS
2014-07-21 18:23:18 -------- d-----w- c:\program files\Norton Internet Security
2014-07-21 18:22:31 -------- d-----w- c:\program files\NortonInstaller
2014-07-21 16:36:49 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-07-21 16:36:49 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-07-21 16:36:49 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-07-21 16:36:49 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-07-21 16:34:25 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-21 16:34:24 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-21 16:34:24 544768 ----a-w- c:\program files\common files\microsoft shared\ink\TipRes.dll
2014-07-21 16:34:24 399360 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-21 16:34:24 348672 ----a-w- c:\program files\common files\microsoft shared\ink\tiptsf.dll
2014-07-21 16:34:24 181760 ----a-w- c:\program files\common files\microsoft shared\ink\TabTip.exe
2014-07-21 16:34:24 104448 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-21 16:30:36 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-21 16:28:42 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-21 16:27:46 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-21 16:27:46 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-21 16:27:46 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-21 16:27:45 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-21 16:27:45 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-21 16:27:45 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-21 16:27:45 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-07-21 16:24:28 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-21 16:17:07 -------- d-----w- C:\332d8c7d592bd27a00d8988f
2014-07-21 15:55:12 -------- d-----w- C:\c0b867192dc25e4b39
.
==================== Find3M ====================
.
2014-08-08 17:59:30 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-08 17:59:30 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-07 01:39:08 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-25 13:04:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 13:03:54 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-07-25 12:34:49 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-07-25 12:10:15 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-07-25 12:10:12 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-07-25 12:08:47 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- c:\windows\system32\jscript9.dll
2014-07-25 11:59:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 11:43:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 11:07:49 2001920 ----a-w- c:\windows\system32\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-07-25 10:05:23 1792512 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 02:38:37 4188160 ----a-w- c:\program files\GUT7B40.tmp
2011-05-29 17:49:51 702464 ----a-w- c:\program files\Uninstall TelevisionFanatic.dll
.
============= FINISH: 11:48:12.76 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/19/2011 6:20:53 PM
System Uptime: 8/18/2014 11:19:00 AM (0 hours ago)
.
Motherboard: Acer | | Poyang
Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz | uPGA-478 | 1662/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 148.657 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_011E1025&REV_12\4&2E7F5171&0&02F0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_011E1025&REV_12\4&2E7F5171&0&02F0
Service:
.
Class GUID:
Description:
Device ID: ACPI\ENE0100\3&33FD14CA&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\3&33FD14CA&0
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_011E1025&REV_12\4&2E7F5171&0&03F0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_011E1025&REV_12\4&2E7F5171&0&03F0
Service:
.
==== System Restore Points ===================
.
RP408: 7/26/2014 10:00:06 AM - Windows Update
RP409: 7/28/2014 11:41:52 AM - Windows Update
RP410: 7/28/2014 1:01:30 PM - Installed SpyHunter
RP411: 7/29/2014 2:30:13 PM - Windows Update
RP412: 8/11/2014 10:13:04 AM - Windows Update
RP413: 8/11/2014 10:30:11 AM - Windows Update
RP414: 8/12/2014 3:15:00 PM - Windows Update
RP415: 8/15/2014 6:21:34 AM - Windows Update
RP416: 8/15/2014 7:08:43 AM - Windows Update
RP417: 8/18/2014 7:59:38 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
5600
5600_Help
5600Trb
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 14 ActiveX
Adobe Reader X (10.1.11)
Adobe Shockwave Player 11.5
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Support Plus PC Maintenance Toolbox
BabylonObjectInstaller
BearShare
Belkin Setup and Router Monitor
Bonjour
BufferChm
Charter Security Suite
Computer Security 12.83.104.0 (release)
Copy
Destinations
DeviceDiscovery
DocProc
EA Download Manager
F-Secure CCF Reputation
F-Secure CCF Scanning 1.43.102.193 (release)
F-Secure Network CCF 1.02.128
Facebook Video Calling 3.1.0.521
Fax
Free YouTube Downloader Plus V 7.3.0
Ghost Train Ride
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
iTunes
Java Auto Updater
Java™ 6 Update 29
Java™ SE Runtime Environment 6 Update 1
Malwarebytes Anti-Malware version 2.0.2.1012
MarketResearch
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Oasis
Network
Norton Internet Security
OCR Software by I.R.I.S. 13.0
Online Safety 2.83.1346.10
Privacy SafeGuard version 1.1
QuickTime
RewardsArcadeSuite
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Shop for HP Supplies
Skype Toolbars
Skype™ 6.11
SmartWebPrinting
SolutionCenter
SpyHunter
Status
The Sims™ 3
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
.
==== Event Viewer Messages From Past Week ========
.
8/18/2014 9:17:16 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/18/2014 9:14:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
8/18/2014 11:44:47 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2014 11:23:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/18/2014 11:23:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/18/2014 11:23:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/18/2014 11:23:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/18/2014 11:20:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS discache eeCtrl IDSVix86 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6
8/18/2014 11:20:14 AM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2014 11:12:20 AM, Error: F-Secure Gatekeeper [1] -
8/18/2014 11:05:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
8/16/2014 12:57:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
8/15/2014 6:49:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4.5 and 4.5.1 on Windows 7, Windows Vista and Windows Server 2008 x86 (KB2931368).
8/15/2014 2:17:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
8/15/2014 2:17:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/15/2014 2:17:31 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/14/2014 8:57:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
8/14/2014 6:58:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
8/14/2014 6:58:41 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/14/2014 4:51:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/13/2014 4:59:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Disk Defragmenter service to connect.
8/13/2014 4:59:11 PM, Error: Service Control Manager [7000] - The Disk Defragmenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/13/2014 4:59:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
8/12/2014 3:24:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4.5.1 on Windows 7, Windows Vista and Windows Server 2008 x86 (KB2898869).
8/11/2014 10:53:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/11/2014 10:53:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/11/2014 10:08:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
8/11/2014 10:08:12 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


Edited by Oh My!, 23 August 2014 - 07:54 PM.
Posted logs




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,594 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:55 AM

Posted 23 August 2014 - 07:56 PM

Greetings dinee and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 26 August 2014 - 08:00 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!


Posted 29 August 2014 - 09:03 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



