1. Solve: I have malware "Computer Support Online" popups?

Answer»

Quote
I have another question that I don't know if it is related or not. When I boot up I get a dialog box named Content Advisor asking me if I want to use the "starthelp.exe" located on the hard drive. Its publisher is unknown. The location of it is C:\program files (x86)\privoxy\starthelp.exe. I haven't been letting it start since I have no clue what it is. Is this ok and how can I keep it from popping up when I boot up?

Please try uninstalling that program.

I tried to uninstall it with Windows and Revo Uninstaller, however the program did not show up in either. I went into the file and there is no uninstall feature. Do I simply delete the file?

Yes, please.

I deleted the program. I have to go out of town until Friday when I can check back for any other actions you recommend I take.

Did removing that program have any effect?

I believe it has helped although I still get some of the same pop ups that Adblock Plus cannot block. I will try running some of the programs to see if they help. We got some company for the weekend and I can't work on it until next week. I apologize for the delay and I really do appreciate your help and patience in this issue.

Quote
I apologize for the delay and I really do appreciate your help and patience in this issue.

Not a problem. We'll go at your pace. In the meantime, try running AdwCleaner and MBAM to see if it picks up anything. I'm curious about those pop-ups. Could you please post a screenshot of one of them?
How to post screenshots or images

I haven't had much improvement as I thought. I ran AdwCleaner and MBAM and both show no detections. I hope I have attached the copies of pop ups and web pages that open up in new tabs continually. Now the Content Advisor is dealing me fits in IE notifying me several times for each web page that loads and I have to enter my password before I can load the page. I am thinking about wiping the hard drive and reloading Windows. Let me know what you think. Thank you.

Download DDS from HERE or HERE and save it to your desktop.

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users: double-click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished, DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
  1) DDS.txt
  2) Attach.txt
  Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copying and pasting it into the reply.

* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE.
Then post your DDS logs (DDS.txt and Attach.txt).

Here are the logs you requested. Before running DDS I ran MBAM, AdwCleaner, and Super Anti-Spyware Pro and all three found some infections and quarantined them. Ran Microsoft Security Essentials and found no infections.

I can't see anything malicious on your computer that would cause this. I think it's time to save your important data and re-format and re-install your OS.

Well I have to agree because it is frustrating being on the internet. I want to thank you for your time and patience with me.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.