My Windows sec. service center is not working, and I have already followed numerous pieces of advice from different websites, but the error is still there and keeps prompting every time I try to enable the Windows security service center. Perhaps my laptop was infected by a virus/malware (not sure). I think my brother did something (downloading etc.) and got my laptop infected. Please help. Below is my DDS as per the instructions:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16599 BrowserJavaVersion: 11.31.2
Run by John.Vasquez at 11:41:43 on 2015-02-11
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2
uWindow Title = Microsoft Internet Explorer provided by Intertek
uSearch Bar = hxxp://www.google.com
uDefault_Page_URL = hxxps://intranet.intertek.com/
mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHTS725050A7E630_TF0500Y9KJNUYCKJNUYCX&ts=1373013859
mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHTS725050A7E630_TF0500Y9KJNUYCKJNUYCX&ts=1373013859
mWinlogon: Userinit = userinit.exe
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [BrowserChoice] <no file>
uRunOnce: [Adobe Speed Launcher] 1423628157
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoAutorun = dword:1
uPolicies-Explorer: NoStartMenuMyMusic = dword:1
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: NoOnlinePrintsWizard = dword:1
uPolicies-Explorer: NoPublishingWizard = dword:1
uPolicies-Explorer: NoWebServices = dword:1
uPolicies-Windows\System: ExcludeProfileDirs = My Music;Music;My Videos;Videos;My Received Files;My Skype Received Files
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: legalnoticecaption = *** NOTICE TO USERS ***
mPolicies-System: legalnoticetext = This is an Intertek computer system and is the property of Intertek. It is for authorised use only. Users authorised or unauthorised have no explicit or implicit expectation of privacy. Any or all uses of this system and all files on this system may be intercepted monitored recorded copied audited inspected and disclosed to authorised personnel of Intertek.
By using this system the user consents to such interception monitoring recording copying auditing inspection and disclosure at the discretion of Intertek.
Unauthorised or improper use of this system may result in administrative disciplinary action and potentially civil and criminal penalties.
By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.
mPolicies-Windows\System: UserPolicyMode = dword:2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} - hxxps://ign.intertek.com/Altiris/NS/NSCap/Bin/Win32/x86/AltirisAgentInstBootstrap.cab
TCP: NameServer = 172.18.183.5 172.18.208.21 172.18.208.20 213.42.20.20
TCP: Interfaces\{790E3AD0-DED9-4F88-A76D-1D87F79C536A} : DHCPNameServer = 172.18.183.5 172.18.208.21 172.18.208.20 213.42.20.20
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F} : DHCPNameServer = 172.18.183.5 172.18.208.21
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\0527F6C4966656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\0727F6C6966656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\34C414942554D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\A6F656C65647 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\C6561676162716 : DHCPNameServer = 192.168.1.100 192.168.1.100
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\D656273696 : DHCPNameServer = 213.42.20.20 195.229.241.222 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHTS725050A7E630_TF0500Y9KJNUYCKJNUYCX&ts=1373013859
x64-mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHTS725050A7E630_TF0500Y9KJNUYCKJNUYCX&ts=1373013859
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.3 www.anchorfree.net
Hosts: 127.0.0.2 www.mefeedia.com
============= SERVICES / DRIVERS ===============
.
R? AltirisAgentProvider;AltirisAgentProvider
R? amdhub30;AMD USB 3.0 Hub Driver
R? amdxhc;AMD USB 3.0 Host Controller Driver
R? AMPPALP;Intelr Centrinor Wireless Bluetoothr + High Speed Protocol
R? BprotectEx;Baidu ProtectEx
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? dmvsc;dmvsc
R? htcnprot;HTC NDIS Protocol Driver
R? HtcVCom32;HTC Diagnostic Port
R? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
R? nusb3hub;Renesas Electronics USB 3.0 Hub Driver
R? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver
R? PCFApiUtil;PCFApiUtil
R? SkypeUpdate;Skype Updater
R? StorSvc;Storage Service
R? SyDvCtrl;SyDvCtrl
R? taphss6;Anchorfree HSS VPN Adapter
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? USBAAPL64;Apple Mobile USB Driver
R? usbrndis6;USB RNDIS6 Adapter
R? WatAdminSvc;Windows Activation Technologies Service
R? WDC_SAM;WD SCSI Pass Thru driver
S? AeXAgentSrvHost;AeXAgentSrvHost
S? AMPPAL;Intelr Centrinor Wireless Bluetoothr + High Speed Virtual Adapter
S? AMPPALR3;Intelr Centrinor Wireless Bluetoothr + High Speed Service
S? bcbtums;Bluetooth RAM Firmware Download USB Filter
S? BHDrvx64;BHDrvx64
S? BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service
S? btwampfl;btwampfl Bluetooth filter driver
S? BTWDPAN;Bluetooth Personal Area Network
S? btwl2cap;Bluetooth L2CAP Service
S? ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? HP Support Assistant Service;HP Support Assistant Service
S? HPDrvMntSvc.exe;HP Quick Synchronization Service
S? hpHotkeyMonitor;hpHotkeyMonitor
S? hpsrv;HP Service
S? IDSVia64;IDSVia64
S? IntcDAud;Intel(R) Display Audio
S? Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface
S? iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver
S? iusb3hub;Intel(R) USB 3.0 Hub Driver
S? iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver
S? jhi_service;Intel(R) Dynamic Application Loader Host Interface Service
S? JMCR;JMCR
S? johci;JMicron 1394 Filter Driver
S? PassThru Service;Internet Pass-Through Service
S? SepMasterService;Symantec Endpoint Protection
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SYMNETS;Symantec Network Security WFP Driver
S? TeamViewer8;TeamViewer 8
S? UNS;Intel(R) Management and Security Application User Notification Service
S? usbfilter;AMD USB Filter Driver
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2015-02-11 07:37:38 65536 ---hatw- C:\Users\john.vasque\~July 2013.pst.tmp
2015-02-09 11:07:13 -------- d-----w- C:\Users\john.vasque\AppData\Roaming\uTorrent
2015-02-02 04:13:08 -------- d-----w- C:\syslink
2015-01-30 10:44:22 -------- d-----w- C:\Users\john.vasque\AppData\Local\Symantec Power Eraser
2015-01-13 15:17:56 18479800 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find3M ====================
.
2015-02-08 04:09:57 767152 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-08 04:09:57 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 10:01:57 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-17 07:14:34 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2014-12-12 05:35:10 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-12-12 05:31:49 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-12-12 05:31:49 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-12-12 05:31:22 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-12-12 05:11:44 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-12-12 05:11:43 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-12-12 05:07:44 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-12-11 17:47:12 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-24 21:59:39 448512 ----a-w- C:\Windows\System32\html.iec
2014-11-24 21:53:14 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-24 21:47:12 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-11-24 21:45:49 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-24 21:44:58 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-24 21:44:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-24 21:43:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-24 21:43:33 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-11-24 20:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2014-11-24 20:40:49 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-24 20:35:25 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-24 20:34:40 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-24 20:33:56 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-24 20:33:47 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-24 20:32:47 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-11-24 20:32:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-19 00:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
.
============= FINISH: 11:43:49.60 ===============