IObit Forum

Trojan



I have IOBit Malware Fighter, free edition. A scan revealed "Trojan.Win32/Agent". The removal tool failed, however. When I scan again, the trojan is still there. Here's the log file:

 

IObit Malware Fighter

 

OS: Windows 7

Version: 1.3.0.3

Define Version: 1120

Time Elapsed: 00:09:12

Objects Scanned: 52136

Threats Found: 1

Save Time: 4/7/2012 12:19:50 PM

 

|Name|Type|Description|ID|
|---|---|---|---|
|Trojan.Win32/Agent - Failed|FILE|C:\Windows\svchost.exe|1018291|

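The detection in the log above names C:\Windows\svchost.exe. The genuine Service Host binary is shipped in C:\Windows\System32 (and C:\Windows\SysWOW64 for the 32-bit copy), so a file with that name one directory up is a masquerading indicator, and a running copy also explains why an in-place removal can fail until the next reboot. The following Python is an added example, not part of this thread or of IObit's tooling: it scans scanner-output lines and DDS-style "Running Processes" listings (including the `-k <group>` argument form that appears later in the thread) for well-known system-binary names that are running from outside their expected directory. The allowlist of expected directories and the sample log lines are constructed for the example; a real baseline would be taken from a known-clean machine of the same Windows version.

```python
import ntpath
import re

# Directories from which Windows itself launches these process images.
# Constructed allowlist for this example; extend it from your own baseline.
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "wininit.exe":  {r"c:\windows\system32"},
    "lsass.exe":    {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# First "X:\...\something.exe" on a line. Non-greedy so that the arguments
# DDS appends ("-k DcomLaunch") and the trailing fields of IObit/MBAM lines
# (", 1018291", " (Trojan.Agent) -> ...") are not swallowed into the path.
_IMAGE_RE = re.compile(r"([A-Za-z]:\\.+?\.exe)\b", re.IGNORECASE)


def extract_image_path(line):
    """Return the executable path mentioned on a log line, or None."""
    match = _IMAGE_RE.search(line)
    return match.group(1) if match else None


def classify(path):
    """Return 'expected', 'masquerade' or 'unknown' for one image path."""
    folder, name = ntpath.split(path)
    name = name.lower()
    folder = folder.lower().rstrip("\\")
    if name not in EXPECTED_DIRS:
        return "unknown"           # no rule for this image name
    if folder in EXPECTED_DIRS[name]:
        return "expected"
    return "masquerade"            # system-binary name, wrong directory


def triage(lines):
    """Return (path, original line) for every masquerading image found."""
    findings = []
    for line in lines:
        path = extract_image_path(line)
        if path is not None and classify(path) == "masquerade":
            findings.append((path, line.strip()))
    return findings


# Constructed sample modeled on the IObit, Malwarebytes and DDS lines in this
# thread: one scanner detection, a DDS-style process list, and an MBAM
# memory-process line. Only the two C:\Windows\svchost.exe entries are bad.
SAMPLE_LINES = r"""
Trojan.Win32/Agent - Failed, FILE, C:\Windows\svchost.exe, 1018291
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\svchost.exe (Trojan.Agent) -> 2224 -> Delete on reboot.
""".strip().splitlines()

if __name__ == "__main__":
    for path, line in triage(SAMPLE_LINES):
        print(f"MASQUERADE {path}\n    from: {line}")
```

Matching is case-insensitive on both the file name and the directory, because Windows logs mix `system32`, `System32` and `Explorer.EXE` freely. Names not in the allowlist are reported as `unknown` rather than flagged, so third-party services such as IMFsrv.exe do not produce noise; the point of the check is the narrow, high-confidence case of a core Windows binary name in the wrong place.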

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

• Under Start-Up Options, uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

• Close browsers before scanning

• Scan for tracking cookies

• Terminate memory threats before quarantining

Please leave the others unchecked

 

• Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

• To retrieve the removal information please do the following:

• After reboot, double-click the SUPERAntiSpyware icon on your desktop.

• Click Preferences. Click the Statistics/Logs tab.

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

• It will open in your default text editor (preferably Notepad).

• Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and paste the log in your post.

*********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*************************************************

Download DDS from HERE or HERE and save it to your desktop.

 

* Vista users right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

 

* XP users Double click on dds to run it.

* If your antivirus or firewall try to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

* Save both reports to your desktop.

* The instructions here ask you to attach the Attach.txt.

 

http://i424.photobucket.com/albums/pp322/digistar/DDS.jpg

 

1) DDS.txt

2) Attach.txt

Instead of attaching, please copy/paste both logs into your thread.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copying and pasting it into the reply.

 

• Close the program window, and delete the program from your desktop.

 

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).


Hi Dave, thank you very much for your help.

 

I'll copy and paste the files you requested below. I thought Superantispyware might have fixed the problem. It certainly found something, and removed it. When I rebooted, I got a blue screen, then I rebooted again successfully, and for a while all seemed normal.

 

One symptom of the infection is "bad" links on google. A google search that returns a link to cnet actually leads to "happili.com". For a short while after I ran SuperAntiSpyware, this stopped happening. But then it started again, so I guess SAS didn't fix it.

 

Another blue screen occurred after the Malwarebytes reboot.

 

1. SuperAntiSpyWare

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/07/2012 at 05:29 PM

 

Application Version : 5.0.1146

 

Core Rules Database Version : 8424

Trace Rules Database Version: 6236

 

Scan type : Quick Scan

Total Scan Time : 00:03:37

 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC Off - Administrator

 

Memory items scanned : 589

Memory threats detected : 0

Registry items scanned : 54266

Registry threats detected : 20

File items scanned : 14772

File threats detected : 219

 

PUP.StartNow Toolbar

(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#ProgID

(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#VersionIndependentProgID

(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#TypeLib

(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\InprocServer32

(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\InprocServer32#ThreadingModel

(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\Programmable

C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_images.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_maps.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_news.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_videos.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_web.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_games.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_msn.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_travel.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png

C:\Program Files (x86)\StartNow Toolbar\Resources\images

C:\Program Files (x86)\StartNow Toolbar\Resources\installer.xml

C:\Program Files (x86)\StartNow Toolbar\Resources\protect\index.html

C:\Program Files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css

C:\Program Files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css

C:\Program Files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

C:\Program Files (x86)\StartNow Toolbar\Resources\protect\window.css

C:\Program Files (x86)\StartNow Toolbar\Resources\protect\window.js

C:\Program Files (x86)\StartNow Toolbar\Resources\protect

C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\index.html

C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png

C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css

C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\window.css

C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\window.js

C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\separator.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\splitter.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

C:\Program Files (x86)\StartNow Toolbar\Resources\skin

C:\Program Files (x86)\StartNow Toolbar\Resources\toolbar.xml

C:\Program Files (x86)\StartNow Toolbar\Resources\update.xml

C:\Program Files (x86)\StartNow Toolbar\Resources

C:\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe

C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files (x86)\StartNow Toolbar\uninstall.dat

C:\Program Files (x86)\StartNow Toolbar

(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}

(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

(x86) HKU\S-1-5-21-955009314-1080409165-635159600-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

(x86) HKCR\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

(x86) HKCR\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

(x86) HKCR\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}#ProgID

(x86) HKCR\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}#VersionIndependentProgID

(x86) HKCR\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}#TypeLib

(x86) HKCR\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}\InprocServer32

(x86) HKCR\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}\InprocServer32#ThreadingModel

(x86) HKCR\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}\Programmable

(x86) HKU\S-1-5-21-955009314-1080409165-635159600-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

(x86) HKLM\Software\Microsoft\Internet Explorer\Toolbar#{5911488E-9D1E-40ec-8CBB-06B231CC153F}

 

Adware.Tracking Cookie

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\3XZ592Z2.txt [ /adbrite.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\5CTFQ0XL.txt [ /ad2.adfarm1.adition.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\OOAZXVKT.txt [ /accounts.google.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\9LUFXNQU.txt [ /adfarm1.adition.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\RGTFHA27.txt [ /lucidmedia.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\1VYGFD2O.txt [ /serving-sys.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\XDUN30IU.txt [ /casalemedia.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\VITO2IEE.txt [ /c1.atdmt.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\59W7YDIT.txt [ /ads.undertone.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\4D90YIJW.txt [ /fastclick.net ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\8DPZVT8U.txt [ /counters.gigya.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\86C7M0FB.txt [ /ad.yieldmanager.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\IGMLY9WQ.txt [ /adserver.adtechus.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\R3OY6L68.txt [ /invitemedia.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\U540N1I9.txt [ /collective-media.net ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\NVU69PQS.txt [ /adxpose.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\UULJ2VV7.txt [ /rotator.hadj7.adjuggler.net ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\6EGZYVNZ.txt [ /specificclick.net ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\F2Q0INKG.txt [ /ru4.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\93YCZHIB.txt [ /tribalfusion.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\P3QUD5FG.txt [ /revsci.net ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\QSY1OOUJ.txt [ /zedo.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\R61JQH9K.txt [ /mediaplex.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\5KYNJ20V.txt [ /media6degrees.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\B6LLIWUI.txt [ /atdmt.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\TTWEUF8G.txt [ /hpi.rotator.hadj7.adjuggler.net ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\SOAABFKH.txt [ /questionmarket.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\4Z02K1AE.txt [ /media.mercola.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\GS6LK3DA.txt [ /apmebf.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\HLCD09K0.txt [ /accounts.youtube.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\K62S0N8F.txt [ /imrworldwide.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\VMKT7FZ1.txt [ /doubleclick.net ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\YR8WNPPW.txt [ /advertising.com ]

C:\Users\bplmurphy\AppData\Roaming\Microsoft\Windows\Cookies\THILLPJM.txt [ /hardincountyconservatives.blogspot.com ]

C:\USERS\BPLMURPHY\AppData\Roaming\Microsoft\Windows\Cookies\2L4OPXK9.txt [ Cookie:bplmurphy@google.com/accounts/ ]

.ads.pointroll.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.pointroll.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.imrworldwide.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.imrworldwide.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

counters.gigya.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.doubleclick.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.intermundomedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.intermundomedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.zgstats.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.pointroll.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ads.pointroll.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ads.pointroll.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ads.pointroll.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ads.pointroll.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ads.pointroll.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ads.pointroll.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.c.atdmt.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.c.atdmt.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.media6degrees.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.media6degrees.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.media6degrees.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.media6degrees.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.media6degrees.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.media6degrees.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.adbrite.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.yieldmanager.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

statse.webtrendslive.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.adinterax.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

accounts.google.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

accounts.google.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

accounts.google.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.247realmedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.adinterax.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.atdmt.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.adxpose.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.interclick.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.interclick.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.akamai.interclickproxy.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.bs.serving-sys.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.zedo.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.zedo.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ru4.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.collective-media.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.zedo.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.zedo.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.zedo.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.zedo.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.insightexpressai.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.insightexpressai.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.insightexpressai.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.pro-market.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.pro-market.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.lucidmedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.a1.interclick.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.invitemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.a1.interclick.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.apmebf.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.apmebf.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.mediaplex.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.mediaplex.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.questionmarket.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.questionmarket.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.revsci.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.collective-media.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

C:\USERS\BPLMURPHY\Cookies\3XZ592Z2.txt [ Cookie:bplmurphy@adbrite.com/ ]

C:\USERS\BPLMURPHY\Cookies\5CTFQ0XL.txt [ Cookie:bplmurphy@ad2.adfarm1.adition.com/ ]

publishers.domainadvertising.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.revsci.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

C:\USERS\BPLMURPHY\Cookies\OOAZXVKT.txt [ Cookie:bplmurphy@accounts.google.com/ ]

.tribalfusion.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

C:\USERS\BPLMURPHY\Cookies\2L4OPXK9.txt [ Cookie:bplmurphy@google.com/accounts/ ]

C:\USERS\BPLMURPHY\Cookies\XDUN30IU.txt [ Cookie:bplmurphy@casalemedia.com/ ]

C:\USERS\BPLMURPHY\Cookies\VITO2IEE.txt [ Cookie:bplmurphy@c1.atdmt.com/ ]

C:\USERS\BPLMURPHY\Cookies\4D90YIJW.txt [ Cookie:bplmurphy@fastclick.net/ ]

.revsci.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

C:\USERS\BPLMURPHY\Cookies\8DPZVT8U.txt [ Cookie:bplmurphy@counters.gigya.com/ ]

.interclick.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.fastclick.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

C:\USERS\BPLMURPHY\Cookies\86C7M0FB.txt [ Cookie:bplmurphy@ad.yieldmanager.com/ ]

C:\USERS\BPLMURPHY\Cookies\IGMLY9WQ.txt [ Cookie:bplmurphy@adserver.adtechus.com/ ]

C:\USERS\BPLMURPHY\Cookies\R3OY6L68.txt [ Cookie:bplmurphy@invitemedia.com/ ]

C:\USERS\BPLMURPHY\Cookies\U540N1I9.txt [ Cookie:bplmurphy@collective-media.net/ ]

.doubleclick.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

C:\USERS\BPLMURPHY\Cookies\UULJ2VV7.txt [ Cookie:bplmurphy@rotator.hadj7.adjuggler.net/servlet/ajrotator/track/pt63689 ]

C:\USERS\BPLMURPHY\Cookies\6EGZYVNZ.txt [ Cookie:bplmurphy@specificclick.net/ ]

C:\USERS\BPLMURPHY\Cookies\93YCZHIB.txt [ Cookie:bplmurphy@tribalfusion.com/ ]

.dmtracker.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

C:\USERS\BPLMURPHY\Cookies\P3QUD5FG.txt [ Cookie:bplmurphy@revsci.net/ ]

C:\USERS\BPLMURPHY\Cookies\QSY1OOUJ.txt [ Cookie:bplmurphy@zedo.com/ ]

C:\USERS\BPLMURPHY\Cookies\R61JQH9K.txt [ Cookie:bplmurphy@mediaplex.com/ ]

C:\USERS\BPLMURPHY\Cookies\5KYNJ20V.txt [ Cookie:bplmurphy@media6degrees.com/ ]

.revsci.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.revsci.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.revsci.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.revsci.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.casalemedia.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

C:\USERS\BPLMURPHY\Cookies\4Z02K1AE.txt [ Cookie:bplmurphy@media.mercola.com/ ]

C:\USERS\BPLMURPHY\Cookies\GS6LK3DA.txt [ Cookie:bplmurphy@apmebf.com/ ]

.adbrite.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

ad.yieldmanager.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

C:\USERS\BPLMURPHY\Cookies\HLCD09K0.txt [ Cookie:bplmurphy@accounts.youtube.com/accounts ]

C:\USERS\BPLMURPHY\Cookies\K62S0N8F.txt [ Cookie:bplmurphy@imrworldwide.com/cgi-bin ]

.microsoftwindows.112.2o7.net [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.atdmt.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.c1.atdmt.com [ C:\USERS\BPLMURPHY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

C:\USERS\BPLMURPHY\Cookies\THILLPJM.txt [ Cookie:bplmurphy@hardincountyconservatives.blogspot.com/ ]

 

2. Malwarebytes

 

Malwarebytes Anti-Malware 1.60.1.1000

http://www.malwarebytes.org

 

Database version: v2012.04.07.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

bplmurphy :: BPLMURPHY-HP [administrator]

 

4/7/2012 5:45:28 PM

mbam-log-2012-04-07 (17-45-28).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 391116

Time elapsed: 1 hour(s), 21 minute(s), 47 second(s)

 

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 2224 -> Delete on reboot.

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

 

(end)

 

3. DDS.txt

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by bplmurphy at 19:25:19 on 2012-04-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.3570 [GMT -4:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\NETGEAR\WG311v3\WG311v3.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\msiexec.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

-netsvcs

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: MRI_DISABLED - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {A060276A-53BE-45EC-8EBE-B94B1E803179} - No File

uRun: [Google Update] "C:\Users\bplmurphy\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG311v3\WG311v3.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Free YouTube to MP3 Converter - C:\Users\bplmurphy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: intuit.com\ttlc

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.87.71.230 68.87.73.246

TCP: Interfaces\{56CF44DF-2145-4A2F-ACB2-5D1B645F9EED} : DhcpNameServer = 68.87.71.230 68.87.73.246

TCP: Interfaces\{A504DBBB-12E0-46C9-A26F-6353CF4B91FA} : DhcpNameServer = 68.87.71.230 68.87.73.246

TCP: Interfaces\{A504DBBB-12E0-46C9-A26F-6353CF4B91FA}\C696E6B6379737 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A504DBBB-12E0-46C9-A26F-6353CF4B91FA}\D4572707869737 : DhcpNameServer = 213.109.65.139 213.109.77.111 1.1.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: MRI_DISABLED - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll

BHO-X64: Norton Safe Web Lite BHO - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {A060276A-53BE-45EC-8EBE-B94B1E803179} - No File

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-19 1157240]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20120406.002\IDSviA64.sys [2012-4-6 488568]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-4-7 821592]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccsvchst.exe [2011-10-11 126400]

R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [2010-7-31 126904]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-15 138360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-19 136176]

S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]

S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]

S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-4-7 21384]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-19 136176]

S3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13C.sys --> C:\Windows\system32\DRIVERS\MRVW13C.sys [?]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]

S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-4-7 33184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-4-7 21872]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;C:\Windows\system32\DRIVERS\WUSB54GCv3.sys --> C:\Windows\system32\DRIVERS\WUSB54GCv3.sys [?]

.

=============== Created Last 30 ================

.

2012-04-07 23:16:13 20480 ----a-w- C:\Windows\svchost.exe

2012-04-07 21:23:16 -------- d-----w- C:\Users\bplmurphy\AppData\Roaming\SUPERAntiSpyware.com

2012-04-07 21:22:44 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-04-07 21:22:44 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-04-07 17:53:31 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8152C8B3-3515-421B-9A30-1FB1AE016566}\offreg.dll

2012-04-07 17:32:12 110080 ----a-r- C:\Users\bplmurphy\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconF7A21AF7.exe

2012-04-07 17:32:12 110080 ----a-r- C:\Users\bplmurphy\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconD7F16134.exe

2012-04-07 17:32:12 110080 ----a-r- C:\Users\bplmurphy\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\Icon1226A4C5.exe

2012-04-07 17:32:11 -------- d-----w- C:\sh4ldr

2012-04-07 17:32:11 -------- d-----w- C:\Program Files\Enigma Software Group

2012-04-07 17:28:42 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP

2012-04-07 17:28:30 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-04-07 17:11:07 -------- d-----w- C:\Users\bplmurphy\AppData\Roaming\Tific

2012-04-07 16:14:26 6637392 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-04-07 16:14:23 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8152C8B3-3515-421B-9A30-1FB1AE016566}\mpengine.dll

2012-04-07 15:44:01 -------- d-----w- C:\Users\bplmurphy\AppData\Roaming\IObit

2012-04-07 15:43:59 -------- d-----w- C:\Program Files (x86)\IObit

2012-03-15 07:02:01 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-15 07:02:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-15 07:02:00 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 07:00:01 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 06:59:57 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 06:59:56 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 06:59:52 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 06:59:52 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 06:59:52 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 06:59:08 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 06:59:08 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 06:59:08 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 06:59:08 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

.

==================== Find3M ====================

.

2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 19:28:37.04 ===============


4. Attach.txt

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/17/2010 10:42:12 AM

System Uptime: 4/7/2012 7:14:21 PM (0 hours ago)

.

Motherboard: PEGATRON CORPORATION | | VIOLET6

Processor: AMD Athlon II X4 630 Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 871.481 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.587 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Adobe AIR

Adobe Download Manager

Adobe Reader X (10.1.1)

Amazon Kindle

Amazon MP3 Downloader 1.0.15

Apple Application Support

Apple Software Update

Audacity 1.2.6

CheckbookEase2_1

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

D3DX10

DirectX for Managed Code Update (Summer 2004)

DVD Menu Pack for HP MediaSmart Video

Free PDF Tablet 0.1

Free YouTube to MP3 Converter version 3.10.15.1228

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.2.0

HiJackThis

HijackThis 2.0.2

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Remote Solution

HP Setup

HP Support Assistant

HP Support Information

HP Update

Hulu Desktop

IObit Malware Fighter

Java Auto Updater

Java 6 Update 27

Junk Mail filter update

LabelPrint

LAME v3.98.3 for Audacity

LibreOffice 3.4

LibreOffice 3.4 Help Pack (English)

LightScribe System Software

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Live Search Toolbar

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Movie Theme Pack for HP MediaSmart Video

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NETGEAR WG311v3 PCI Adapter

Norton AntiVirus

Norton Safe Web Lite

Octoshape add-in for Adobe Flash Player

PictureMover

Power2Go

PowerDirector

QuickTime

Realtek High Definition Audio Driver

Recovery Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

SnpMap

SnpMap 1.0.4

StartNow Toolbar

TD AMERITRADE StrategyDesk 3.4

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wnhiper

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wnhiper

TurboTax 2011 wrapper

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

4/7/2012 7:23:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

4/7/2012 7:15:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ac532f, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040712-52197-01.

4/7/2012 5:35:25 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/7/2012 5:35:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/7/2012 5:35:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/7/2012 5:35:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/7/2012 5:35:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/7/2012 5:35:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/7/2012 5:35:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/7/2012 5:35:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSP SRTSPX SymIRON SYMTDIv tdx Wanarpv6 WfpLwf

4/7/2012 5:35:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/7/2012 5:35:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/7/2012 5:35:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/7/2012 5:35:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/7/2012 5:35:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/7/2012 5:35:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/7/2012 5:34:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002a6c32f, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040712-21964-01.

4/7/2012 5:34:51 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/7/2012 5:34:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/7/2012 5:34:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/7/2012 5:34:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/7/2012 3:06:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

4/7/2012 3:06:45 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/7/2012 12:20:44 PM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.

4/7/2012 12:19:40 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Remote Procedure Call (RPC) service, but this action failed with the following error: A system shutdown has already been scheduled.

4/7/2012 12:19:40 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.

4/7/2012 12:19:40 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.

4/7/2012 12:19:39 PM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 12:19:39 PM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

4/7/2012 12:19:39 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

4/7/2012 12:19:39 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

4/7/2012 12:19:39 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

4/7/2012 12:07:37 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

4/7/2012 12:05:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

4/7/2012 12:01:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.

4/7/2012 12:01:21 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/7/2012 11:55:21 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DHCP Client service to connect.

4/7/2012 11:55:21 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

4/7/2012 11:55:21 AM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/7/2012 11:55:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.

4/7/2012 11:55:20 AM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has not been started.

4/7/2012 11:55:20 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

4/7/2012 11:55:20 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/7/2012 11:49:51 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.

.

==== End Of File ===========================

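The Service Control Manager entries above are easier to triage when grouped by time: the burst at 11:55:18, where many unrelated services die in the same second, is the pattern worth spotting. The following is an added example, not code from the thread or from any of the tools mentioned in it, that parses lines in this "date, level: source [id] - message" layout and reports seconds in which several services terminated unexpectedly (event IDs 7031/7034); the sample lines are constructed from the entries posted.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the Service Control Manager entries
# posted above (a subset; real triage would read the whole pasted log).
SAMPLE_LOG = """\
4/7/2012 11:55:21 AM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/7/2012 11:55:18 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/7/2012 11:55:18 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/7/2012 11:49:51 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
"""

# "<date> <time> AM/PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# Service name as it appears in 7000/7031/7034 messages.
SERVICE_RE = re.compile(r"The (?P<svc>.+?) service (?:terminated unexpectedly|failed to start)")


def parse_scm_lines(text):
    """Return one dict per recognised SCM line; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        svc = SERVICE_RE.search(m["msg"])
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "event_id": int(m["event_id"]),
            "service": svc["svc"] if svc else None,
            "msg": m["msg"],
        })
    return events


def termination_bursts(events, min_services=3):
    """Seconds in which at least min_services distinct services died (7031/7034): many
    unrelated services dying at once points at a shared host process or the whole
    machine going down rather than at faults in each service."""
    by_second = defaultdict(set)
    for e in events:
        if e["event_id"] in (7031, 7034) and e["service"]:
            by_second[e["time"]].add(e["service"])
    return {ts: sorted(s) for ts, s in by_second.items() if len(s) >= min_services}
```

Paste the whole Event Log section of the DDS report into `SAMPLE_LOG` (or read it from a file) and `termination_bursts` will list every such second with the services involved.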

Download BlueScreenView to your desktop.

BlueScreenView

Unzip the downloaded file and double-click BlueScreenView.exe to run the program.

When scanning is done, go to EDIT - Select All.

Go to FILE - SAVE Selected Items, and save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.

***************************************************

Download Combofix from any of the links below, and save it to your DESKTOP.

 

Link 1

Link 2

Link 3

 

To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial on how to do so if you are unsure.

• Close any open windows and double-click ComboFix.exe to run it.

You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

 

Click I Agree to start the program.

 

ComboFix will then extract the necessary files and you will see this:

 

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

 

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

 

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

If you did not have it installed, you will see the prompt below. Choose YES.

 

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

 

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

 

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

 

Note: Please Do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


I'm having trouble turning Norton off. I disabled Norton Security according to the instructions you gave, and the taskbar icon shows a red circle with a white cross over the Norton icon, but ComboFix shows a popup saying "antispyware: Norton Antivirus the above real time scanners are still active but Combo Fix shall continue to run. Kindly note that this is at your own risk." There's an OK button, but no "NO" button! Help, what do I do?


I went ahead anyway, because I'm desperate to get rid of this thing. ComboFix started, but I was never prompted to install the Recovery Console. ComboFix worked for a while, then apparently shut the computer down by itself; on boot-up, it blue-screened twice. I then booted into safe mode and got a Windows pop-up that it could boot normally. I then tried a regular boot and it seemed to work. I checked for C:\ComboFix.txt, but didn't see any file with that name in C:\. The executable is there, but no text file. I'll copy and paste the BSOD.txt you asked for (prior to using ComboFix) below.

 

I re-enabled Norton. The taskbar icon is green ("protected"), but the Norton Antivirus window is showing the X in a red circle ("At Risk"), with a "Fix Now" button beneath. When I click it, nothing appears to happen.

 

BSOD.txt

 

==================================================

Dump File : 040712-52197-01.dmp

Crash Time : 4/7/2012 7:15:21 PM

Bug Check String : KMODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x0000001e

Parameter 1 : ffffffff`c0000005

Parameter 2 : fffff800`02ac532f

Parameter 3 : 00000000`00000000

Parameter 4 : 00000000`7efa0000

Caused By Driver : ntoskrnl.exe

Caused By Address : ntoskrnl.exe+7cd40

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.1.7601.17727 (win7sp1_gdr.111118-2330)

Processor : x64

Crash Address : ntoskrnl.exe+7cd40

Stack Address 1 :

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\Windows\Minidump\040712-52197-01.dmp

Processors Count : 4

Major Version : 15

Minor Version : 7601

Dump File Size : 293,280

==================================================

 

==================================================

Dump File : 040712-21964-01.dmp

Crash Time : 4/7/2012 5:34:56 PM

Bug Check String : KMODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x0000001e

Parameter 1 : ffffffff`c0000005

Parameter 2 : fffff800`02a6c32f

Parameter 3 : 00000000`00000000

Parameter 4 : 00000000`7efa0000

Caused By Driver : ntoskrnl.exe

Caused By Address : ntoskrnl.exe+7cd40

File Description : NT Kernel & System

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 6.1.7601.17727 (win7sp1_gdr.111118-2330)

Processor : x64

Crash Address : ntoskrnl.exe+7cd40

Stack Address 1 :

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\Windows\Minidump\040712-21964-01.dmp

Processors Count : 4

Major Version : 15

Minor Version : 7601

Dump File Size : 293,224

==================================================

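Both BlueScreenView records above carry the same bug check (0x1E), the same exception code (c0000005) and the same faulting address (ntoskrnl.exe+7cd40), which is what makes them look like one recurring fault rather than two unrelated crashes. The following is an added example, not code from the thread or from BlueScreenView, that parses this "Field : value" report layout, decodes the 0x1E parameters, and checks whether every crash in the report shares one fault site; the sample records are constructed from the fields posted, trimmed to the ones used.

```python
# Constructed sample in the layout BlueScreenView writes to BSOD.txt (fields trimmed).
SAMPLE_REPORT = """\
==================================================
Dump File : 040712-52197-01.dmp
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02ac532f
Caused By Address : ntoskrnl.exe+7cd40
Stack Address 1 :
==================================================

==================================================
Dump File : 040712-21964-01.dmp
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02a6c32f
Caused By Address : ntoskrnl.exe+7cd40
Stack Address 1 :
==================================================
"""

def parse_bsod_report(text):
    """Split the report on its '====' separators; each record becomes a dict."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("====="):
            if current:
                records.append(current)
                current = {}
        elif " :" in line:                       # "Field : value" (value may be empty)
            key, _, val = line.partition(" :")
            current[key.strip()] = val.strip()
    if current:                                  # report without a trailing separator
        records.append(current)
    return records

def crash_signature(rec):
    """(bug check, exception code, faulting module+offset) for one record.
    For bug check 0x1E, parameter 1 is the NTSTATUS of the unhandled exception
    (0xC0000005 is STATUS_ACCESS_VIOLATION); BlueScreenView prints it as hi`lo."""
    code = int(rec["Bug Check Code"], 16)
    p1 = int(rec["Parameter 1"].replace("`", ""), 16)
    return code, (p1 & 0xFFFFFFFF) if code == 0x1E else None, rec.get("Caused By Address")

def same_fault_site(records):
    """True when every crash in the report has the same signature."""
    return len({crash_signature(r) for r in records}) == 1
```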

Dave, someone on bleepingcomputer.com is saying that Norton Power Eraser from Symantec worked for him in getting rid of his problem, which, like mine, is characterized by redirects to happili.com:

 

http://www.bleepingcomputer.com/forums/topic449289.html

 

Is this something worth trying? I'm pretty desperate to get this computer working before Monday. I can understand you may not want to work on a holiday, but could you just let me know if you won't be able to help today so that I can try other avenues? I'll wait a few hours for your reply before trying anything else. Thanks!


Please download aswMBR.exe ( 511KB ) to your desktop.

 

Double-click aswMBR.exe to run it.

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg

 

Click the "Scan" button to start the scan.

 

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png

 

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.


Dave, thank you for your help. I was really under a time deadline, so I took matters into my own hands about an hour and a half ago. Norton Power Eraser killed it, and a Malwarebytes scan confirmed that it was gone.
