Trend AV running into an error

Started by catfish43, August 14, 2013, 03:08:26 PM


catfish43

Using Trend AV on Windows 7 Professional. Scan cannot be completed due to the attached message. It says a virus has been detected but I need to remove it in order to scan for viruses.

Corrine

Hi, catfish43.

The error message you are receiving from Trend Micro appears to indicate that the service to scan has been disabled. ntrtscan.exe is located in \%Program Files%\Trend Micro\Client Server Security Agent\

If you cannot start the scan and remove the virus, please provide a copy of the logs requested in the Log Posting Instructions topic.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

catfish43

The DDS link posted on that page appears to be dead.

Corrine

The link for DDS is a direct download link from Bleeping Computer.  If it didn't open for you to save it, go directly to BC to download the file to your desktop:  http://www.bleepingcomputer.com/download/dds/



catfish43

Thanks Corrine.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by hfisher at 16:03:41 on 2013-08-14
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1256 [GMT -4:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\ASTSRV.EXE
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files\Google\Chrome Remote Desktop\29.0.1547.32\remoting_host.exe
C:\Program Files\Google\Chrome Remote Desktop\29.0.1547.32\remoting_host.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Users\hfisher\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\hfisher\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Users\hfisher\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WinBidPro\WinBidPro.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyOverride = 127.0.0.1:9421;<local>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\client server security agent\bho\1056\TmIEPlg.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Akamai NetSession Interface] "c:\users\hfisher\appdata\local\akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN337BWGY705KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\hfisher\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hfisher\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\hfisher\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9669BC0A-13E4-45BF-9EB8-50BD27112921} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1056\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist remote support customer\498\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-5-17 13560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-10-26 81920]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\broadcom\bpowmon\BPowMon.exe [2009-8-17 79168]
R2 chromoting;Chrome Remote Desktop Service;c:\program files\google\chrome remote desktop\29.0.1547.32\remoting_host.exe [2013-7-23 10192]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-6-7 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-4-30 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-2-4 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-21 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-26 701512]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-11 1153368]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2013-6-5 50200]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-11 264504]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-11 36664]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-10-26 273960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-26 22856]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-6 62728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ComAppService;GTS ComApp;c:\gts\glaspaclx\communications applet\ComAppService.exe [2010-10-28 28672]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [2009-5-10 41216]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\citrix\gotoassist remote support customer\498\g2ax_service.exe [2013-2-20 611400]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689712]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-29 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-29 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-08-14 11:27:02   652800   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-08-14 11:26:58   175104   ----a-w-   c:\windows\system32\wintrust.dll
2013-08-14 11:26:58   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-08-14 11:26:58   1166848   ----a-w-   c:\windows\system32\crypt32.dll
2013-08-14 11:26:58   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2013-08-14 11:26:54   3913664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-08-14 11:26:53   3968960   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-08-14 11:26:53   1289096   ----a-w-   c:\windows\system32\ntdll.dll
2013-08-14 11:26:52   1620992   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-08-14 11:26:52   1293760   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-08-14 11:26:46   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-08-14 11:26:44   31232   ----a-w-   c:\windows\system32\drivers\tssecsrv.sys
2013-08-13 11:23:06   7143960   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{4f9731d8-d86b-42bc-976e-afeaa457c1a2}\mpengine.dll
2013-08-09 12:53:14   --------   d-----r-   c:\users\hfisher\Google Drive
2013-07-29 17:57:00   --------   d-----w-   c:\users\hfisher\appdata\local\LogMeIn Rescue Applet
2013-07-29 16:28:59   --------   d-----w-   c:\programdata\Visan
2013-07-29 16:28:59   --------   d-----w-   c:\programdata\HP Photo Creations
2013-07-29 16:28:59   --------   d-----w-   c:\program files\HP Photo Creations
2013-07-29 16:27:52   --------   d-----w-   c:\windows\Hewlett-Packard
2013-07-29 16:19:57   --------   d-----w-   c:\program files\common files\HP
2013-07-29 16:19:55   --------   d-----w-   c:\program files\common files\Hewlett-Packard
2013-07-17 07:04:14   --------   d-----w-   c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-07-26 03:13:24   1767936   ----a-w-   c:\windows\system32\wininet.dll
2013-07-26 03:12:04   2877440   ----a-w-   c:\windows\system32\jscript9.dll
2013-07-26 03:12:00   61440   ----a-w-   c:\windows\system32\iesetup.dll
2013-07-26 03:12:00   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14   2706432   ----a-w-   c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38   71680   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2013-06-21 14:08:52   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-06-21 14:08:49   867240   ----a-w-   c:\windows\system32\npdeployJava1.dll
2013-06-21 14:08:49   789416   ----a-w-   c:\windows\system32\deployJava1.dll
2013-06-12 12:47:14   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-06-12 12:47:12   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-10 11:31:11   86888   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-06-08 03:28:24   86888   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 03:28:22   53064   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 03:28:18   31560   ----a-w-   c:\windows\system32\LMIport.dll
2013-06-08 03:28:16   92488   ----a-w-   c:\windows\system32\LMIinit.dll
2013-06-05 03:05:09   2347520   ----a-w-   c:\windows\system32\win32k.sys
2013-06-04 04:53:07   509440   ----a-w-   c:\windows\system32\qedit.dll
2013-05-17 19:04:00   44424   ----a-w-   c:\windows\system32\sbbd.exe
2013-05-17 19:03:59   13560   ----a-w-   c:\windows\system32\drivers\gfibto.sys
.
============= FINISH: 16:04:20.49 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/28/2010 1:39:02 PM
System Uptime: 8/14/2013 2:27:54 PM (2 hours ago)
.
Motherboard: Dell Inc. |  | 07N90W
Processor: Intel(R) Core(TM)2 Quad CPU    Q8400  @ 2.66GHz | CPU 1 | 2660/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 369.374 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 7500 E910
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet 7500 E910
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP446: 7/30/2013 2:11:33 AM - Windows Update
RP447: 8/2/2013 3:33:38 AM - Windows Update
RP448: 8/6/2013 7:25:35 AM - Windows Update
RP449: 8/12/2013 7:30:33 AM - Windows Backup
RP450: 8/13/2013 7:22:08 AM - Windows Update
RP451: 8/14/2013 9:12:32 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
6500_E709_eDocs
Adobe Acrobat 9 Pro
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
AutoCAD 2010 - English
AutoCAD 2010 Language Pack - English
Bing Bar
bpd_scan
BPDSoftware
BPDSoftware_Ini
Broadcom Gigabit NetLink Controller
Broadcom Management Programs
BufferChm
CCleaner
Chrome Remote Desktop Host
Conexant D850 PCI V.92 Modem
Crystal11
D3DX10
Dell Backup and Recovery Manager
Dell Edoc Viewer
Destinations
DeviceDiscovery
Digital Line Detect
DocMgr
DocProc
Dropbox
Fax
GDS Storefront Estimating, WinBidPro v15
GlasPacLX
Google Chrome
Google Drive
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Customer 1.6.0.498
GPBaseService2
HP Customer Participation Program 14.0
HP Document Manager 2.0
HP Imaging Device Functions 14.0
HP Officejet 6500 E709 Series
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Officejet 6500 E710n-z Product Improvement Study
HP Officejet 7500 E910 Basic Device Software
HP Officejet 7500 E910 Help
HP Officejet 7500 E910 Product Improvement Study
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Photo Creations
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
I.R.I.S. OCR
IGDB Database
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Marketsplash Shortcuts
Marvin Design System 18.1
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Basic 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Modem Diagnostic Tool
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netwaiting
Network
OCR Software by I.R.I.S. 14.0
OGA Notifier 2.0.0048.0
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SAMSUNG Android USB Modem Software
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
SUPERAntiSpyware
Toolbox
TrayApp
Trend Micro Client/Server Security Agent
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
Window6.3
Window7 beta
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
8/7/2013 7:35:51 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
8/14/2013 4:04:02 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 82 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 4:02:52 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 81 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 4:01:42 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 80 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 4:00:33 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 79 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:59:23 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 78 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:58:13 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 77 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:57:04 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 76 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:55:53 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 75 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:54:44 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 74 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:53:34 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 73 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:52:24 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 72 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:51:14 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 71 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:50:04 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 70 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:48:54 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 69 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:47:45 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 68 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:46:35 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 67 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:45:25 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 66 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:44:15 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 65 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:43:06 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 64 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:41:56 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 63 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:40:46 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 62 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:39:36 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 61 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:38:27 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 60 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:37:17 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 59 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:36:07 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 58 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:34:58 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 57 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:33:48 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 56 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:32:38 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 55 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:31:29 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 54 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:30:19 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 53 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:29:09 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 52 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:27:59 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 51 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:26:50 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 50 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:25:40 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 49 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:24:30 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 48 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:23:21 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 47 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:22:11 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 46 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:21:01 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 45 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:19:52 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 44 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:18:42 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 43 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:17:31 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 42 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:16:21 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 41 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:15:11 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 40 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:14:01 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 39 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:12:50 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 38 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:11:40 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 37 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:10:30 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 36 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:09:19 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 35 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:08:09 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 34 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:06:59 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 33 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:05:49 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 32 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:04:39 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 31 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:03:29 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 30 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:02:18 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 29 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 3:01:08 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 28 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:59:58 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 27 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:58:48 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 26 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:57:37 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 25 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:56:27 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 24 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:55:17 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 23 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:54:07 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 22 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:52:57 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 21 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:51:47 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 20 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:50:36 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 19 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:49:26 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 18 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:48:16 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 17 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:47:06 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 16 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:45:56 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 15 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:44:45 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 14 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:43:35 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 13 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:42:24 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 12 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:41:14 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 11 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:40:04 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 10 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:38:54 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 9 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:37:43 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 8 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:36:34 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 7 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:35:24 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 6 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:34:14 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 5 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:33:01 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:31:51 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:30:42 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:29:29 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:29:15 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/14/2013 2:28:09 PM, Error: Service Control Manager [7003]  - The GTS ComApp service depends the following service: Event Log. This service might not be installed.
8/14/2013 2:27:00 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 249 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:25:45 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 248 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:24:35 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 247 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:23:25 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 246 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:22:15 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 245 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:21:06 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 244 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:19:56 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 243 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:18:46 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 242 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:17:36 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 241 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:15:56 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 240 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:14:47 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 239 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:13:37 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 238 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:12:27 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 237 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:11:17 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 236 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 2:10:08 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 235 time(s).  The fol

Corrine

Hi, catfish43.

I won't ask you for the rest of the attach.txt log as it appears it will contain another 200+ lines indicating that "The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly."

Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.



catfish43

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4d085ec0ef1c0b49b518497ca60b1c8b
# engine=14782
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-15 03:51:36
# local_time=2013-08-15 11:51:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 128126687 0 0
# scanned=166777
# found=1
# cleaned=0
# scan_time=8729
sh=3D57E0BE62FBDBEB0F0A88DFFC6B18863076746A ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A application" ac=I fn="C:\Users\hfisher\Dropbox\Acrobat Professional X pc.zip"

Corrine

1.  Please follow these instructions carefully.

Download ComboFix from here.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

2.  Please download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

Important: Save it to your desktop.
  • Double-click CKScanner.exe (Right-click and select "Run as administrator" in Windows Vista/Windows 7).
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hour glass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



catfish43

I cannot get "http://downloads.malwareremoval.com/CKScanner.exe" past my Trend nor figure out how to disable it temporarily. I think I need an admin to do it as I need to log in to the "worryfree business console".

catfish43

ComboFix 13-08-15.02 - hfisher 08/15/2013  14:21:21.2.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1277 [GMT -4:00]
Running from: c:\users\hfisher\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\hfisher\AppData\Local\Temp\_MEI60962\_ctypes.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\_elementtree.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\_hashlib.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\_multiprocessing.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\_socket.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\_ssl.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\msvcp100.dll
c:\users\hfisher\AppData\Local\Temp\_MEI60962\msvcr100.dll
c:\users\hfisher\AppData\Local\Temp\_MEI60962\pyexpat.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\pysqlite2._sqlite.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\python27.dll
c:\users\hfisher\AppData\Local\Temp\_MEI60962\pythoncom27.dll
c:\users\hfisher\AppData\Local\Temp\_MEI60962\PyWinTypes27.dll
c:\users\hfisher\AppData\Local\Temp\_MEI60962\select.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\unicodedata.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\win32api.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\win32com.shell.shell.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\win32crypt.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\win32event.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\win32file.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\win32inet.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\win32pdh.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\win32process.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\win32profile.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\win32security.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\win32ts.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\windows._cacheinvalidation.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wx._controls_.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wx._core_.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wx._gdi_.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wx._html2.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wx._misc_.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wx._windows_.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wx._wizard.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wxbase294u_net_vc90.dll
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wxbase294u_vc90.dll
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wxmsw294u_adv_vc90.dll
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wxmsw294u_core_vc90.dll
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wxmsw294u_html_vc90.dll
c:\users\hfisher\AppData\Local\Temp\_MEI60962\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-15 to 2013-08-15  )))))))))))))))))))))))))))))))
.
.
2013-08-15 18:32 . 2013-08-15 18:32   --------   d-----w-   c:\users\Public\AppData\Local\temp
2013-08-15 18:32 . 2013-08-15 18:32   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-08-15 11:49 . 2013-08-15 11:49   60872   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F9731D8-D86B-42BC-976E-AFEAA457C1A2}\offreg.dll
2013-08-15 11:43 . 2013-08-15 11:43   --------   d-----w-   c:\program files\ESET
2013-08-14 11:27 . 2013-07-09 04:50   652800   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-08-14 11:26 . 2013-07-09 04:52   175104   ----a-w-   c:\windows\system32\wintrust.dll
2013-08-14 11:26 . 2013-07-09 04:46   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-08-14 11:26 . 2013-07-09 04:46   1166848   ----a-w-   c:\windows\system32\crypt32.dll
2013-08-14 11:26 . 2013-07-09 04:46   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2013-08-14 11:26 . 2013-07-09 05:03   3913664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-08-14 11:26 . 2013-07-09 05:03   3968960   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-08-14 11:26 . 2013-07-09 04:53   1289096   ----a-w-   c:\windows\system32\ntdll.dll
2013-08-14 11:26 . 2013-07-25 08:57   1620992   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-08-14 11:26 . 2013-07-06 05:05   1293760   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-08-14 11:26 . 2013-07-19 01:41   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-08-14 11:26 . 2013-06-15 03:38   31232   ----a-w-   c:\windows\system32\drivers\tssecsrv.sys
2013-08-13 11:23 . 2013-07-02 06:54   7143960   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F9731D8-D86B-42BC-976E-AFEAA457C1A2}\mpengine.dll
2013-08-09 12:53 . 2013-08-15 18:41   --------   d-----r-   c:\users\hfisher\Google Drive
2013-07-30 15:37 . 2013-07-30 15:37   --------   d-----w-   c:\users\hfisher\AppData\Roaming\HP
2013-07-29 17:57 . 2013-08-06 11:24   --------   d-----w-   c:\users\hfisher\AppData\Local\LogMeIn Rescue Applet
2013-07-29 16:28 . 2013-07-29 16:29   --------   d-----w-   c:\program files\HP Photo Creations
2013-07-29 16:28 . 2013-07-29 16:29   --------   d-----w-   c:\programdata\HP Photo Creations
2013-07-29 16:28 . 2013-07-29 16:28   --------   d-----w-   c:\programdata\Visan
2013-07-29 16:27 . 2013-07-29 16:27   --------   d-----w-   c:\windows\Hewlett-Packard
2013-07-29 16:21 . 2013-07-29 16:21   --------   d-----w-   c:\programdata\HP Product Assistant
2013-07-29 16:19 . 2013-07-29 16:19   --------   d-----w-   c:\program files\Common Files\HP
2013-07-29 16:19 . 2013-07-29 16:19   --------   d-----w-   c:\program files\Common Files\Hewlett-Packard
2013-07-17 07:04 . 2013-08-14 13:20   --------   d-----w-   c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-21 14:08 . 2013-06-21 14:09   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-06-21 14:08 . 2012-09-11 17:07   867240   ----a-w-   c:\windows\system32\npdeployJava1.dll
2013-06-21 14:08 . 2010-10-26 04:43   789416   ----a-w-   c:\windows\system32\deployJava1.dll
2013-06-12 12:47 . 2012-03-30 11:30   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-06-12 12:47 . 2011-05-27 11:23   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-10 11:31 . 2013-02-04 12:38   86888   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-06-08 03:28 . 2013-02-04 12:38   86888   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 03:28 . 2013-02-04 12:38   53064   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 03:28 . 2013-02-04 12:38   31560   ----a-w-   c:\windows\system32\LMIport.dll
2013-06-08 03:28 . 2013-02-04 12:38   92488   ----a-w-   c:\windows\system32\LMIinit.dll
2013-06-05 03:05 . 2013-07-11 11:42   2347520   ----a-w-   c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-11 11:42   509440   ----a-w-   c:\windows\system32\qedit.dll
2013-05-17 19:04 . 2013-05-17 19:04   44424   ----a-w-   c:\windows\system32\sbbd.exe
2013-05-17 19:03 . 2013-05-17 19:04   13560   ----a-w-   c:\windows\system32\drivers\gfibto.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   130736   ----a-w-   c:\users\hfisher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   130736   ----a-w-   c:\users\hfisher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   130736   ----a-w-   c:\users\hfisher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   130736   ----a-w-   c:\users\hfisher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11   579024   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11   579024   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11   579024   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11   579024   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11   579024   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\hfisher\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 5703920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-29 39408]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2013-05-31 1946648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2013-04-30 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\hfisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\hfisher\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-10-26 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n [2002-12-17 74308]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2013-02-20 15:14   610888   ----a-w-   c:\program files\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 ComAppService;GTS ComApp;c:\gts\glaspacLX\Communications Applet\ComAppService.exe [2007-06-22 28672]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge.sys [2009-05-10 41216]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe Start=service
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-29 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-17 13560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-09-07 116608]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]
S2 chromoting;Chrome Remote Desktop Service;c:\program files\Google\Chrome Remote Desktop\29.0.1547.32\remoting_host.exe [2013-07-24 10192]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2013-06-08 375120]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2013-04-30 13624]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2013-06-05 50200]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-07-17 264504]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2012-07-17 36664]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-10-30 62728]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-08-08 689712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService   REG_MULTI_SZ      HsfXAudioService
Akamai   REG_MULTI_SZ      Akamai
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ      HPSLPSVC
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 00:06   1173456   ----a-w-   c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:47]
.
2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 14:51]
.
2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 14:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1211855846-688717633-3563366428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1211855846-688717633-3563366428-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1211855846-688717633-3563366428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1211855846-688717633-3563366428-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1052)
c:\users\hfisher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ASTSRV.EXE
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\hfisher\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-08-15  14:55:14 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-15 18:55
ComboFix2.txt  2013-05-20 18:36
.
Pre-Run: 395,569,356,800 bytes free
Post-Run: 395,297,980,416 bytes free
.
- - End Of File - - 68A708F7559691D74CD59B7054E25241
CDB4DE4BBD714F152979DA2DCBEF57EB

catfish43


Corrine

Yes, I saw that ntrtscan.exe is now showing in "running processes".   It would be a good idea if you run a full system scan, but please wait until we are finished.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


File::
C:\Users\hfisher\Dropbox\Acrobat Professional X pc.zip


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



catfish43

ComboFix 13-08-15.03 - hfisher 08/16/2013   7:52.3.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1746 [GMT -4:00]
Running from: c:\users\hfisher\Desktop\ComboFix.exe
Command switches used :: c:\users\hfisher\Desktop\CFScript.txt
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
FILE ::
"c:\users\hfisher\Dropbox\Acrobat Professional X pc.zip"
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\hfisher\AppData\Local\Temp\_MEI37762\_ctypes.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\_elementtree.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\_hashlib.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\_multiprocessing.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\_socket.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\_ssl.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\msvcp100.dll
c:\users\hfisher\AppData\Local\Temp\_MEI37762\msvcr100.dll
c:\users\hfisher\AppData\Local\Temp\_MEI37762\pyexpat.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\pysqlite2._sqlite.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\python27.dll
c:\users\hfisher\AppData\Local\Temp\_MEI37762\pythoncom27.dll
c:\users\hfisher\AppData\Local\Temp\_MEI37762\PyWinTypes27.dll
c:\users\hfisher\AppData\Local\Temp\_MEI37762\select.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\unicodedata.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\win32api.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\win32com.shell.shell.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\win32crypt.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\win32event.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\win32file.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\win32inet.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\win32pdh.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\win32process.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\win32profile.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\win32security.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\win32ts.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\windows._cacheinvalidation.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wx._controls_.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wx._core_.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wx._gdi_.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wx._html2.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wx._misc_.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wx._windows_.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wx._wizard.pyd
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wxbase294u_net_vc90.dll
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wxbase294u_vc90.dll
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wxmsw294u_adv_vc90.dll
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wxmsw294u_core_vc90.dll
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wxmsw294u_html_vc90.dll
c:\users\hfisher\AppData\Local\Temp\_MEI37762\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-16 to 2013-08-16  )))))))))))))))))))))))))))))))
.
.
2013-08-16 12:24 . 2013-08-16 12:26   --------   d-----w-   c:\users\hfisher\AppData\Local\temp
2013-08-16 12:24 . 2013-08-16 12:24   --------   d-----w-   c:\users\Public\AppData\Local\temp
2013-08-16 12:24 . 2013-08-16 12:24   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-08-15 11:43 . 2013-08-15 11:43   --------   d-----w-   c:\program files\ESET
2013-08-14 11:27 . 2013-07-09 04:50   652800   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-08-14 11:26 . 2013-07-09 04:52   175104   ----a-w-   c:\windows\system32\wintrust.dll
2013-08-14 11:26 . 2013-07-09 04:46   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-08-14 11:26 . 2013-07-09 04:46   1166848   ----a-w-   c:\windows\system32\crypt32.dll
2013-08-14 11:26 . 2013-07-09 04:46   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2013-08-14 11:26 . 2013-07-09 05:03   3913664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-08-14 11:26 . 2013-07-09 05:03   3968960   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-08-14 11:26 . 2013-07-09 04:53   1289096   ----a-w-   c:\windows\system32\ntdll.dll
2013-08-14 11:26 . 2013-07-25 08:57   1620992   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-08-14 11:26 . 2013-07-06 05:05   1293760   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-08-14 11:26 . 2013-07-19 01:41   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-08-14 11:26 . 2013-06-15 03:38   31232   ----a-w-   c:\windows\system32\drivers\tssecsrv.sys
2013-08-09 12:53 . 2013-08-15 19:07   --------   d-----r-   c:\users\hfisher\Google Drive
2013-07-30 15:37 . 2013-07-30 15:37   --------   d-----w-   c:\users\hfisher\AppData\Roaming\HP
2013-07-29 17:57 . 2013-08-06 11:24   --------   d-----w-   c:\users\hfisher\AppData\Local\LogMeIn Rescue Applet
2013-07-29 16:28 . 2013-07-29 16:29   --------   d-----w-   c:\program files\HP Photo Creations
2013-07-29 16:28 . 2013-07-29 16:29   --------   d-----w-   c:\programdata\HP Photo Creations
2013-07-29 16:28 . 2013-07-29 16:28   --------   d-----w-   c:\programdata\Visan
2013-07-29 16:27 . 2013-07-29 16:27   --------   d-----w-   c:\windows\Hewlett-Packard
2013-07-29 16:21 . 2013-07-29 16:21   --------   d-----w-   c:\programdata\HP Product Assistant
2013-07-29 16:19 . 2013-07-29 16:19   --------   d-----w-   c:\program files\Common Files\HP
2013-07-29 16:19 . 2013-07-29 16:19   --------   d-----w-   c:\program files\Common Files\Hewlett-Packard
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-16 09:16 . 2013-08-16 09:16   60872   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F16F96F-8392-45FF-8219-AD48D1819252}\offreg.dll
2013-07-02 06:54 . 2013-08-16 07:28   7143960   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F16F96F-8392-45FF-8219-AD48D1819252}\mpengine.dll
2013-06-21 14:08 . 2013-06-21 14:09   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-06-21 14:08 . 2012-09-11 17:07   867240   ----a-w-   c:\windows\system32\npdeployJava1.dll
2013-06-21 14:08 . 2010-10-26 04:43   789416   ----a-w-   c:\windows\system32\deployJava1.dll
2013-06-12 12:47 . 2012-03-30 11:30   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-06-12 12:47 . 2011-05-27 11:23   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-10 11:31 . 2013-02-04 12:38   86888   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-06-08 03:28 . 2013-02-04 12:38   86888   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 03:28 . 2013-02-04 12:38   53064   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 03:28 . 2013-02-04 12:38   31560   ----a-w-   c:\windows\system32\LMIport.dll
2013-06-08 03:28 . 2013-02-04 12:38   92488   ----a-w-   c:\windows\system32\LMIinit.dll
2013-06-05 03:05 . 2013-07-11 11:42   2347520   ----a-w-   c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-11 11:42   509440   ----a-w-   c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   130736   ----a-w-   c:\users\hfisher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   130736   ----a-w-   c:\users\hfisher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   130736   ----a-w-   c:\users\hfisher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   130736   ----a-w-   c:\users\hfisher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11   579024   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11   579024   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11   579024   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11   579024   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11   579024   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\hfisher\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 5703920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-29 39408]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2013-05-31 1946648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2013-04-30 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\hfisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\hfisher\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-10-26 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n [2002-12-17 74308]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2013-02-20 15:14   610888   ----a-w-   c:\program files\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 ComAppService;GTS ComApp;c:\gts\glaspacLX\Communications Applet\ComAppService.exe [2007-06-22 28672]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge.sys [2009-05-10 41216]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe Start=service
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-29 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-17 13560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-09-07 116608]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]
S2 chromoting;Chrome Remote Desktop Service;c:\program files\Google\Chrome Remote Desktop\29.0.1547.32\remoting_host.exe [2013-07-24 10192]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2013-06-08 375120]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2013-04-30 13624]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2013-06-05 50200]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-07-17 264504]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2012-07-17 36664]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-10-30 62728]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-08-08 689712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService   REG_MULTI_SZ      HsfXAudioService
Akamai   REG_MULTI_SZ      Akamai
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ      HPSLPSVC
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 00:06   1173456   ----a-w-   c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:47]
.
2013-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 14:51]
.
2013-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 14:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1211855846-688717633-3563366428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1211855846-688717633-3563366428-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1211855846-688717633-3563366428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1211855846-688717633-3563366428-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(624)
c:\users\hfisher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ASTSRV.EXE
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\users\hfisher\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-08-16  08:32:34 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-16 12:32
ComboFix2.txt  2013-08-15 18:55
ComboFix3.txt  2013-05-20 18:36
.
Pre-Run: 398,035,783,680 bytes free
Post-Run: 397,832,187,904 bytes free
.
- - End Of File - - E6A67C7C42B9181CC29CC36A6F86029C
CDB4DE4BBD714F152979DA2DCBEF57EB

Corrine




catfish43

seems very good to me so far! :dance: