In late January/early February my company-owned Dell Latitude E6410 laptop (running Win XP) unexpectedly quit - no blue screen, it just decided to "fade to black" after what appeared to be a routine system update. After rebooting I got an error message that the "action could not be carried out" and that the explorer.exe file could not be found. I was not subsequently able to bring up the laptop for any period of time and could not get any additional information.
Being so close to the support end date for XP I reported the dead laptop to my employer's (off-shore) IT staff and asked about installation of a currently supported OS. By the first week of April, I had Win 7 installed and operable with the exception of Internet access, which took another 2 weeks.
Then, about the second time I brought up IE, my specified home page was replaced by "V9.com" and no matter how many times I redefined my desired home page (following the appropriate directions for changing Internet settings) the V9 page displayed. An Internet search indicated the probability that my browser had been hijacked but gave no additional helpful information. I began using other browsers for Internet connectivity because I cannot work without online capability, recognizing that I still needed to fix the hi-jack problem. (My personal laptop was/is running XP and I cannot have both machines down at the same time.)
Then things went further downhill. The key number for my MS Office Professional Plus software has disappeared.
The above are typical of the messages I am getting.
I have not gone back to my employer's IT support staff for them to re-enter the license because I believe I am at risk of the info going AWOL again until the virus/hi-jack problem is resolved. The IT staff will insist on accessing my laptop remotely to re-enter the license info and I cannot expose the company to any virus or similar destructive software on the company laptop.
After the MS software license info disappeared I took a careful look at the executable files on the Dell. I found some "*.exe" files with "motorola" in the file (or folder) name that appeared to be related to V9 (another Internet search identified this virus/hi-jacker using the Motorola name along with the V9 moniker) and I revised the file names in an attempt to prevent these files from being executed and doing more damage. I thought I might be able to uninstall or delete these questionable files, but each time I got a message asking for confirmation that I wanted to delete "explorer.exe" so I cancelled out. Somehow, the renamed files/folders have since disappeared. Now I never know what is liable to happen when I turn on the Dell.
In short, this is a huge mess and at this point, I am more than willing to wipe the entire drive and reload the disks I got from the off-shore support staff.
I carefully read the instructions on what to do before posting this request for help, and hope this is what you need. I will correct or re-do anything that's needed. I've been using PCs for 30+ years without ever running into this type of situation and will appreciate whatever assistance is offered.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
Run by SDunham at 18:49:24 on 2014-05-14
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3510.2104 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\psxss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\mqsvc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\nfsclnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mSearch Page = hxxp://www.key-find.com/web/?type=ds&ts=1396490571&from=amt&uid=WDCXWD2500BEKT-75A25T0_WD-WX11A90C0124C0124&q={searchTerms}
mDefault_Search_URL = hxxp://www.key-find.com/web/?type=ds&ts=1396490571&from=amt&uid=WDCXWD2500BEKT-75A25T0_WD-WX11A90C0124C0124&q={searchTerms}
uProxyServer = hxxp=127.0.0.1:49191;https=127.0.0.1:49191
uProxyOverride = <-loopback>
uURLSearchHooks: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge toolbar\ie\9.1\pdfforgeToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge toolbar\ie\9.1\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge toolbar\ie\9.1\pdfforgeToolbarIE.dll
uRun: [DellSystemDetect] c:\users\sdunham\appdata\local\apps\2.0\6hlk51wa.pvx\p5k506kd.dxk\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [BrowserSafeguard] "c:\program files\browsersafeguard\BrowserSafeguard.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [MSCRM] "c:\program files\microsoft dynamics crm\client\configwizard\CrmForOutlookInstaller.exe" /activateaddin
mRun: [Wipro] "c:\program files\settings\WiproRunReg.vbs"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\sdunham\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\monito~1.lnk - c:\windows\system32\RunDll32.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{24DD371E-92A1-4F77-96E5-11422541E974} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.137\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 10.201.50.70 blr-ls-pool01.wipro.com
Hosts: 10.208.62.81 blr-ls-pool01.wipro.com
Hosts: 10.208.62.82 blr-ls-pool01.wipro.com
Hosts: 10.208.62.83 blr-ls-pool01.wipro.com
Hosts: 10.208.62.84 blr-ls-pool01.wipro.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sdunham\appdata\roaming\mozilla\firefox\profiles\ottc9biz.default\
FF - prefs.js: browser.startup.homepage - hxxps://gateway.wipro.com/|https://webmail.wipro.com/|http://www.freeweather.com/
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 MpKslf653743a;MpKslf653743a;c:\programdata\microsoft\microsoft antimalware\definition updates\{03ee215b-26cd-4c85-a1aa-3249ce87947c}\MpKslf653743a.sys [2014-5-14 39464]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2014-4-25 807800]
R2 CrmSqlStartupSvc;CrmSqlStartupSvc;c:\program files\microsoft dynamics crm\client\bin\CrmSqlStartupSvc.exe [2010-6-10 23912]
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 NfsClnt;Client for NFS;c:\windows\system32\nfsclnt.exe [2014-4-3 52736]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2014-5-5 65657]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-6-4 42672]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-3 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2009-11-6 214696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2014-4-1 270336]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-7-14 6814720]
R3 NfsRdr;Client for NFS Redirector;c:\windows\system32\drivers\nfsrdr.sys [2014-4-3 201728]
R3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-7-13 9216]
R3 RpcXdr;Server for NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [2014-4-3 87040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-1-18 577536]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [2010-11-8 56320]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2014-4-16 49856]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-14 108032]
S3 MSSQL$CRM;SQL Server (CRM);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104264]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-4-16 14848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2014-3-12 174592]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-4-16 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-4-2 1343400]
S4 IePluginService;IePlugin Service;c:\programdata\iepluginservice\pluginservice.exe -service --> c:\programdata\iepluginservice\PluginService.exe -service [?]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\Winword.exe="c:\program files\microsoft office\office14\WINWORD.EXE" /n "%1" [UserChoice] [default=edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2014-05-15 00:54:16 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{03ee215b-26cd-4c85-a1aa-3249ce87947c}\MpKslf653743a.sys
2014-05-13 04:03:02 -------- d-----w- c:\program files\Settings
2014-05-13 04:02:59 -------- d-----w- c:\windows\Office2010
2014-05-13 04:02:00 -------- d-----w- c:\programdata\Applications
2014-05-13 03:52:20 -------- d-----w- c:\program files\Microsoft Dynamics CRM
2014-05-13 03:39:47 -------- d-----w- c:\program files\Application Updater
2014-05-13 03:39:46 -------- d-----w- c:\program files\pdfforge Toolbar
2014-05-13 03:39:46 -------- d-----w- c:\program files\common files\Spigot
2014-05-13 03:39:21 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2014-05-13 03:39:21 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2014-05-13 03:39:21 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2014-05-13 03:39:19 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2014-05-13 03:39:18 -------- d-----w- c:\program files\PDFCreator
2014-05-13 03:36:14 -------- d-----w- C:\certificate
2014-05-13 02:50:21 8050496 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{03ee215b-26cd-4c85-a1aa-3249ce87947c}\mpengine.dll
2014-05-12 23:59:38 -------- d-----w- c:\users\sdunham\appdata\local\Proxy
2014-05-12 22:55:51 320120 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-05-12 20:04:31 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d038d2c7-f1ce-4d20-8444-8ec5fe056e5b}\gapaengine.dll
2014-05-10 03:33:31 -------- d-----w- c:\program files\CMAK
2014-05-10 03:10:55 -------- d-----w- c:\windows\system32\msmq
2014-05-10 03:10:55 -------- d-----w- c:\windows\SUA
2014-05-10 00:28:39 18776 ----a-w- c:\windows\system32\roboot.exe
2014-05-10 00:28:35 -------- d-----w- c:\users\sdunham\appdata\roaming\systweak
2014-05-05 22:40:30 -------- d-----w- c:\users\sdunham\appdata\roaming\Motorola Mobility
2014-05-05 22:39:42 -------- d-----w- c:\program files\Motorola Mobility
2014-05-05 22:39:42 -------- d-----w- c:\program files\Motorola
2014-05-05 22:39:42 -------- d-----w- c:\program files\common files\MSSoap
2014-05-05 22:39:33 -------- d-----w- c:\program files\MSXML 4.0
2014-05-05 22:38:52 -------- d-----w- c:\program files\common files\Motorola Shared
2014-05-05 22:38:10 -------- d-----w- c:\users\sdunham\appdata\roaming\Motorola
2014-05-05 21:42:39 -------- d-----w- c:\users\sdunham\appdata\local\BrowserSafeguard
2014-05-05 21:41:10 8050496 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-05-02 18:12:58 -------- d-----w- c:\users\sdunham\appdata\local\_
2014-05-02 16:05:47 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-30 19:53:25 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-30 19:53:06 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-04-30 19:53:06 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-29 00:18:29 -------- d-----w- c:\users\sdunham\appdata\roaming\Profiles
2014-04-29 00:18:29 -------- d-----w- c:\users\sdunham\appdata\roaming\Crash Reports
2014-04-29 00:18:29 -------- d-----w- c:\users\sdunham\appdata\local\Profiles
2014-04-24 19:39:18 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-04-18 21:04:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-18 20:03:13 15584 ----a-w- c:\users\sdunham\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2014-04-17 20:14:39 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-04-17 03:28:19 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-04-17 03:28:19 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-17 03:28:16 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-17 03:28:16 221184 ----a-w- c:\windows\system32\rdpudd.dll
2014-04-17 03:28:16 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-04-17 03:27:49 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-17 03:27:48 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-17 03:27:47 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-04-17 03:27:47 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-04-17 03:27:47 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-17 03:27:46 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-04-17 03:27:46 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-04-17 03:27:46 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-04-17 03:27:46 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-04-17 03:27:46 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-04-17 03:27:46 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-04-17 03:27:26 -------- d-----w- c:\program files\DellTPad
2014-04-17 03:26:55 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-04-17 03:26:54 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-17 03:06:42 -------- d-----w- c:\windows\en
2014-04-17 03:06:14 49856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2014-04-17 03:02:45 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-04-17 03:02:45 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-04-17 03:02:45 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-04-17 03:02:44 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-04-17 03:02:06 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2014-04-17 03:01:30 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-04-17 03:01:04 6081224 -c--a-w- c:\program files\common files\windows live\.cache\34a05ff21cf59e904\onedrivesetup.exe
2014-04-17 03:01:04 -------- d-----w- c:\program files\Microsoft OneDrive
2014-04-17 03:01:03 -------- d-----r- c:\users\sdunham\OneDrive
2014-04-17 03:00:48 -------- d-----w- c:\programdata\Microsoft OneDrive
2014-04-17 03:00:35 89944 -c--a-w- c:\program files\common files\windows live\.cache\319d22191cf59e903\DSETUP.dll
2014-04-17 03:00:35 537432 -c--a-w- c:\program files\common files\windows live\.cache\319d22191cf59e903\DXSETUP.exe
2014-04-17 03:00:35 1801048 -c--a-w- c:\program files\common files\windows live\.cache\319d22191cf59e903\dsetup32.dll
2014-04-17 03:00:29 94040 -c--a-w- c:\program files\common files\windows live\.cache\2d64715c1cf59e902\DSETUP.dll
2014-04-17 03:00:29 525656 -c--a-w- c:\program files\common files\windows live\.cache\2d64715c1cf59e902\DXSETUP.exe
2014-04-17 03:00:29 1691480 -c--a-w- c:\program files\common files\windows live\.cache\2d64715c1cf59e902\dsetup32.dll
2014-04-17 03:00:22 89944 -c--a-w- c:\program files\common files\windows live\.cache\2a4bc7211cf59e901\DSETUP.dll
2014-04-17 03:00:22 537432 -c--a-w- c:\program files\common files\windows live\.cache\2a4bc7211cf59e901\DXSETUP.exe
2014-04-17 03:00:22 1801048 -c--a-w- c:\program files\common files\windows live\.cache\2a4bc7211cf59e901\dsetup32.dll
2014-04-17 02:59:55 -------- d-----w- c:\users\sdunham\appdata\local\Windows Live
2014-04-17 02:59:15 -------- d-----w- c:\program files\common files\Windows Live
2014-04-15 22:47:52 -------- d-sh--w- c:\users\sdunham\appdata\local\EmieUserList
2014-04-15 22:47:52 -------- d-sh--w- c:\users\sdunham\appdata\local\EmieSiteList
.
==================== Find3M ====================
.
2014-05-13 23:06:56 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-13 23:06:55 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-09 17:29:17 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-04-05 03:51:27 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-04-05 03:48:52 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-04-03 21:59:30 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-04-01 04:41:40 58568 ----a-w- c:\windows\system32\sirenacm.dll
2014-04-01 04:34:22 322248 ----a-w- c:\windows\WLXPGSS.SCR
2014-03-11 16:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 18:49:33.64 ===============
TB: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge toolbar\ie\9.1\pdfforgeToolbarIE.dll
uRun: [DellSystemDetect] c:\users\sdunham\appdata\local\apps\2.0\6hlk51wa.pvx\p5k506kd.dxk\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [BrowserSafeguard] "c:\program files\browsersafeguard\BrowserSafeguard.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [MSCRM] "c:\program files\microsoft dynamics crm\client\configwizard\CrmForOutlookInstaller.exe" /activateaddin
mRun: [Wipro] "c:\program files\settings\WiproRunReg.vbs"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\sdunham\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\monito~1.lnk - c:\windows\system32\RunDll32.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{24DD371E-92A1-4F77-96E5-11422541E974} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.137\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 10.201.50.70 blr-ls-pool01.wipro.com
Hosts: 10.208.62.81 blr-ls-pool01.wipro.com
Hosts: 10.208.62.82 blr-ls-pool01.wipro.com
Hosts: 10.208.62.83 blr-ls-pool01.wipro.com
Hosts: 10.208.62.84 blr-ls-pool01.wipro.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sdunham\appdata\roaming\mozilla\firefox\profiles\ottc9biz.default\
FF - prefs.js: browser.startup.homepage - hxxps://gateway.wipro.com/|https://webmail.wipro.com/|http://www.freeweather.com/
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 MpKslf653743a;MpKslf653743a;c:\programdata\microsoft\microsoft antimalware\definition updates\{03ee215b-26cd-4c85-a1aa-3249ce87947c}\MpKslf653743a.sys [2014-5-14 39464]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2014-4-25 807800]
R2 CrmSqlStartupSvc;CrmSqlStartupSvc;c:\program files\microsoft dynamics crm\client\bin\CrmSqlStartupSvc.exe [2010-6-10 23912]
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 NfsClnt;Client for NFS;c:\windows\system32\nfsclnt.exe [2014-4-3 52736]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2014-5-5 65657]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-6-4 42672]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-3 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2009-11-6 214696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2014-4-1 270336]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-7-14 6814720]
R3 NfsRdr;Client for NFS Redirector;c:\windows\system32\drivers\nfsrdr.sys [2014-4-3 201728]
R3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-7-13 9216]
R3 RpcXdr;Server for NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [2014-4-3 87040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-1-18 577536]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [2010-11-8 56320]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2014-4-16 49856]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-14 108032]
S3 MSSQL$CRM;SQL Server (CRM);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104264]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-4-16 14848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2014-3-12 174592]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-4-16 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-4-2 1343400]
S4 IePluginService;IePlugin Service;c:\programdata\iepluginservice\pluginservice.exe -service --> c:\programdata\iepluginservice\PluginService.exe -service [?]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\Winword.exe="c:\program files\microsoft office\office14\WINWORD.EXE" /n "%1" [UserChoice] [default=edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2014-05-15 00:54:16 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{03ee215b-26cd-4c85-a1aa-3249ce87947c}\MpKslf653743a.sys
2014-05-13 04:03:02 -------- d-----w- c:\program files\Settings
2014-05-13 04:02:59 -------- d-----w- c:\windows\Office2010
2014-05-13 04:02:00 -------- d-----w- c:\programdata\Applications
2014-05-13 03:52:20 -------- d-----w- c:\program files\Microsoft Dynamics CRM
2014-05-13 03:39:47 -------- d-----w- c:\program files\Application Updater
2014-05-13 03:39:46 -------- d-----w- c:\program files\pdfforge Toolbar
2014-05-13 03:39:46 -------- d-----w- c:\program files\common files\Spigot
2014-05-13 03:39:21 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2014-05-13 03:39:21 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2014-05-13 03:39:21 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2014-05-13 03:39:19 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2014-05-13 03:39:18 -------- d-----w- c:\program files\PDFCreator
2014-05-13 03:36:14 -------- d-----w- C:\certificate
2014-05-13 02:50:21 8050496 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{03ee215b-26cd-4c85-a1aa-3249ce87947c}\mpengine.dll
2014-05-12 23:59:38 -------- d-----w- c:\users\sdunham\appdata\local\Proxy
2014-05-12 22:55:51 320120 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-05-12 20:04:31 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d038d2c7-f1ce-4d20-8444-8ec5fe056e5b}\gapaengine.dll
2014-05-10 03:33:31 -------- d-----w- c:\program files\CMAK
2014-05-10 03:10:55 -------- d-----w- c:\windows\system32\msmq
2014-05-10 03:10:55 -------- d-----w- c:\windows\SUA
2014-05-10 00:28:39 18776 ----a-w- c:\windows\system32\roboot.exe
2014-05-10 00:28:35 -------- d-----w- c:\users\sdunham\appdata\roaming\systweak
2014-05-05 22:40:30 -------- d-----w- c:\users\sdunham\appdata\roaming\Motorola Mobility
2014-05-05 22:39:42 -------- d-----w- c:\program files\Motorola Mobility
2014-05-05 22:39:42 -------- d-----w- c:\program files\Motorola
2014-05-05 22:39:42 -------- d-----w- c:\program files\common files\MSSoap
2014-05-05 22:39:33 -------- d-----w- c:\program files\MSXML 4.0
2014-05-05 22:38:52 -------- d-----w- c:\program files\common files\Motorola Shared
2014-05-05 22:38:10 -------- d-----w- c:\users\sdunham\appdata\roaming\Motorola
2014-05-05 21:42:39 -------- d-----w- c:\users\sdunham\appdata\local\BrowserSafeguard
2014-05-05 21:41:10 8050496 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-05-02 18:12:58 -------- d-----w- c:\users\sdunham\appdata\local\_
2014-05-02 16:05:47 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-30 19:53:25 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-30 19:53:06 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-04-30 19:53:06 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-29 00:18:29 -------- d-----w- c:\users\sdunham\appdata\roaming\Profiles
2014-04-29 00:18:29 -------- d-----w- c:\users\sdunham\appdata\roaming\Crash Reports
2014-04-29 00:18:29 -------- d-----w- c:\users\sdunham\appdata\local\Profiles
2014-04-24 19:39:18 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-04-18 21:04:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-18 20:03:13 15584 ----a-w- c:\users\sdunham\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2014-04-17 20:14:39 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-04-17 03:28:19 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-04-17 03:28:19 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-17 03:28:16 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-17 03:28:16 221184 ----a-w- c:\windows\system32\rdpudd.dll
2014-04-17 03:28:16 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-04-17 03:27:49 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-17 03:27:48 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-17 03:27:47 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-04-17 03:27:47 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-04-17 03:27:47 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-17 03:27:46 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-04-17 03:27:46 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-04-17 03:27:46 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-04-17 03:27:46 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-04-17 03:27:46 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-04-17 03:27:46 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-04-17 03:27:26 -------- d-----w- c:\program files\DellTPad
2014-04-17 03:26:55 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-04-17 03:26:54 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-17 03:06:42 -------- d-----w- c:\windows\en
2014-04-17 03:06:14 49856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2014-04-17 03:02:45 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-04-17 03:02:45 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-04-17 03:02:45 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-04-17 03:02:44 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-04-17 03:02:06 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2014-04-17 03:01:30 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-04-17 03:01:04 6081224 -c--a-w- c:\program files\common files\windows live\.cache\34a05ff21cf59e904\onedrivesetup.exe
2014-04-17 03:01:04 -------- d-----w- c:\program files\Microsoft OneDrive
2014-04-17 03:01:03 -------- d-----r- c:\users\sdunham\OneDrive
2014-04-17 03:00:48 -------- d-----w- c:\programdata\Microsoft OneDrive
2014-04-17 03:00:35 89944 -c--a-w- c:\program files\common files\windows live\.cache\319d22191cf59e903\DSETUP.dll
2014-04-17 03:00:35 537432 -c--a-w- c:\program files\common files\windows live\.cache\319d22191cf59e903\DXSETUP.exe
2014-04-17 03:00:35 1801048 -c--a-w- c:\program files\common files\windows live\.cache\319d22191cf59e903\dsetup32.dll
2014-04-17 03:00:29 94040 -c--a-w- c:\program files\common files\windows live\.cache\2d64715c1cf59e902\DSETUP.dll
2014-04-17 03:00:29 525656 -c--a-w- c:\program files\common files\windows live\.cache\2d64715c1cf59e902\DXSETUP.exe
2014-04-17 03:00:29 1691480 -c--a-w- c:\program files\common files\windows live\.cache\2d64715c1cf59e902\dsetup32.dll
2014-04-17 03:00:22 89944 -c--a-w- c:\program files\common files\windows live\.cache\2a4bc7211cf59e901\DSETUP.dll
2014-04-17 03:00:22 537432 -c--a-w- c:\program files\common files\windows live\.cache\2a4bc7211cf59e901\DXSETUP.exe
2014-04-17 03:00:22 1801048 -c--a-w- c:\program files\common files\windows live\.cache\2a4bc7211cf59e901\dsetup32.dll
2014-04-17 02:59:55 -------- d-----w- c:\users\sdunham\appdata\local\Windows Live
2014-04-17 02:59:15 -------- d-----w- c:\program files\common files\Windows Live
2014-04-15 22:47:52 -------- d-sh--w- c:\users\sdunham\appdata\local\EmieUserList
2014-04-15 22:47:52 -------- d-sh--w- c:\users\sdunham\appdata\local\EmieSiteList
.
==================== Find3M ====================
.
2014-05-13 23:06:56 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-13 23:06:55 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-09 17:29:17 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-04-05 03:51:27 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-04-05 03:48:52 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-04-03 21:59:30 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-04-01 04:41:40 58568 ----a-w- c:\windows\system32\sirenacm.dll
2014-04-01 04:34:22 322248 ----a-w- c:\windows\WLXPGSS.SCR
2014-03-11 16:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 18:49:33.64 ===============