I just finished removing a fake antivirus program using rkill and malaware. However, I'm still having a problem with internet advertising sound appearing and disappearing randomly without having IE open. Help!
PS - getting professional help from you guys is really great. Thank you.:smile:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7600.17267 BrowserJavaVersion: 10.21.2
Run by Amy at 22:47:50 on 2013-05-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.1729 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\ctfmon.exe
C:\Users\Amy\Desktop\setup_11.0.0.1245.x01_2013_05_18_05_02.exe
C:\Users\Amy\AppData\Local\Temp\RarSFX0\6102706.exe
C:\Users\Amy\AppData\Local\Temp\1151064\6102706.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.luther.edu/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = g.msn.com/USCON/1
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\Amy\AppData\Local\Temp\_uninst_.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.principal.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://amsdad.viewnetcam.com:5000/JpegInst.cab
TCP: NameServer = 97.64.168.12 97.64.183.165 192.168.1.1
TCP: Interfaces\{0AE3049A-E092-4240-BDAA-E9142AD99172} : DHCPNameServer = 97.64.168.12 97.64.183.165 192.168.1.1
TCP: Interfaces\{0AE3049A-E092-4240-BDAA-E9142AD99172}\14D435E45445 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{0AE3049A-E092-4240-BDAA-E9142AD99172}\14D69702A392 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0AE3049A-E092-4240-BDAA-E9142AD99172}\34963736F63343239343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0AE3049A-E092-4240-BDAA-E9142AD99172}\34963736F66363030373 : DHCPNameServer = 97.64.168.12 97.64.183.165 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-24 55280]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-10-25 20984]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-25 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-10-25 74280]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-25 98208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 701512]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-24 1692480]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-24 2320920]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-10-25 53800]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-24 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-10-24 172704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-25 158976]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-25 271872]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-26 25928]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-25 245792]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-29 1255736]
.
=============== Created Last 30 ================
.
2013-05-18 03:25:42 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-05-18 03:00:52 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA57AB74-4098-4C28-87E1-ECCE191AB14F}\mpengine.dll
2013-05-18 02:53:48 9460464 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-05-18 02:51:34 -------- d-----w- C:\06f11e87c5ec64c9ae091dc9e06cc6
2013-05-18 02:39:16 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-11 18:24:21 307337 ----a-w- C:\icq.exe
2013-05-11 18:18:28 31283 ----a-w- C:\spoolsv.exe
2013-05-11 18:17:39 19951 ----a-w- C:\java.exe
2013-05-11 18:11:09 22471 ----a-w- C:\acrobat.exe
2013-05-07 00:19:04 458751 ----a-w- C:\jqs.exe
2013-05-06 22:41:58 0 ----a-w- C:\notepad.exe
2013-05-06 22:36:38 591217 ----a-w- C:\flashplayer.exe
2013-05-06 22:27:37 131071 ----a-w- C:\conhost.exe
2013-05-06 22:27:34 0 ----a-w- C:\rundll32.exe
2013-05-06 22:18:47 651855 ----a-w- C:\iexplore.exe
2013-05-06 00:54:34 -------- d-----w- C:\Users\Amy\AppData\Roaming\GetRightToGo
2013-04-24 01:54:04 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M ====================
.
2013-05-18 02:38:54 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-18 02:38:54 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-05 21:16:01 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-05 21:16:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-19 06:05:55 5466472 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:54:37 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:51:12 58368 ----a-w- C:\Windows\System32\appidapi.dll
2013-03-19 05:51:12 34304 ----a-w- C:\Windows\System32\appidsvc.dll
2013-03-19 05:04:04 3971432 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:04 3915608 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:53:45 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 04:49:27 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2013-03-19 03:57:31 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2013-03-19 03:57:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2013-03-19 03:57:22 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2013-03-19 03:19:03 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-02 05:49:19 1198080 ----a-w- C:\Windows\System32\wininet.dll
2013-03-02 05:43:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2013-03-02 05:06:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-03-02 04:38:33 482816 ----a-w- C:\Windows\System32\html.iec
2013-03-02 04:03:34 386048 ----a-w- C:\Windows\SysWow64\html.iec
2013-03-02 03:56:13 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-03-02 03:30:45 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-03-02 03:29:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-03-01 03:32:29 3150848 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 22:49:46.51 ===============
PS - getting professional help from you guys is really great. Thank you.:smile:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7600.17267 BrowserJavaVersion: 10.21.2
Run by Amy at 22:47:50 on 2013-05-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.1729 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\ctfmon.exe
C:\Users\Amy\Desktop\setup_11.0.0.1245.x01_2013_05_18_05_02.exe
C:\Users\Amy\AppData\Local\Temp\RarSFX0\6102706.exe
C:\Users\Amy\AppData\Local\Temp\1151064\6102706.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.luther.edu/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = g.msn.com/USCON/1
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\Amy\AppData\Local\Temp\_uninst_.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.principal.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://amsdad.viewnetcam.com:5000/JpegInst.cab
TCP: NameServer = 97.64.168.12 97.64.183.165 192.168.1.1
TCP: Interfaces\{0AE3049A-E092-4240-BDAA-E9142AD99172} : DHCPNameServer = 97.64.168.12 97.64.183.165 192.168.1.1
TCP: Interfaces\{0AE3049A-E092-4240-BDAA-E9142AD99172}\14D435E45445 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{0AE3049A-E092-4240-BDAA-E9142AD99172}\14D69702A392 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0AE3049A-E092-4240-BDAA-E9142AD99172}\34963736F63343239343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0AE3049A-E092-4240-BDAA-E9142AD99172}\34963736F66363030373 : DHCPNameServer = 97.64.168.12 97.64.183.165 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-24 55280]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-10-25 20984]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-25 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-10-25 74280]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-25 98208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 701512]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-24 1692480]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-24 2320920]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-10-25 53800]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-24 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-10-24 172704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-25 158976]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-25 271872]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-26 25928]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-25 245792]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-29 1255736]
.
=============== Created Last 30 ================
.
2013-05-18 03:25:42 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-05-18 03:00:52 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA57AB74-4098-4C28-87E1-ECCE191AB14F}\mpengine.dll
2013-05-18 02:53:48 9460464 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-05-18 02:51:34 -------- d-----w- C:\06f11e87c5ec64c9ae091dc9e06cc6
2013-05-18 02:39:16 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-11 18:24:21 307337 ----a-w- C:\icq.exe
2013-05-11 18:18:28 31283 ----a-w- C:\spoolsv.exe
2013-05-11 18:17:39 19951 ----a-w- C:\java.exe
2013-05-11 18:11:09 22471 ----a-w- C:\acrobat.exe
2013-05-07 00:19:04 458751 ----a-w- C:\jqs.exe
2013-05-06 22:41:58 0 ----a-w- C:\notepad.exe
2013-05-06 22:36:38 591217 ----a-w- C:\flashplayer.exe
2013-05-06 22:27:37 131071 ----a-w- C:\conhost.exe
2013-05-06 22:27:34 0 ----a-w- C:\rundll32.exe
2013-05-06 22:18:47 651855 ----a-w- C:\iexplore.exe
2013-05-06 00:54:34 -------- d-----w- C:\Users\Amy\AppData\Roaming\GetRightToGo
2013-04-24 01:54:04 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M ====================
.
2013-05-18 02:38:54 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-18 02:38:54 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-05 21:16:01 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-05 21:16:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-19 06:05:55 5466472 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:54:37 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:51:12 58368 ----a-w- C:\Windows\System32\appidapi.dll
2013-03-19 05:51:12 34304 ----a-w- C:\Windows\System32\appidsvc.dll
2013-03-19 05:04:04 3971432 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:04 3915608 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:53:45 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 04:49:27 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2013-03-19 03:57:31 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2013-03-19 03:57:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2013-03-19 03:57:22 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2013-03-19 03:19:03 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-02 05:49:19 1198080 ----a-w- C:\Windows\System32\wininet.dll
2013-03-02 05:43:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2013-03-02 05:06:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-03-02 04:38:33 482816 ----a-w- C:\Windows\System32\html.iec
2013-03-02 04:03:34 386048 ----a-w- C:\Windows\SysWow64\html.iec
2013-03-02 03:56:13 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-03-02 03:30:45 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-03-02 03:29:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-03-01 03:32:29 3150848 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 22:49:46.51 ===============
