Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Malwarebytes will not update/Windows Firewall stuck off

Hello, I was using my Dad's computer to print something when I noticed a very funny default homepage for Firefox. Something to do with "Rival Gaming", an add-on I have disabled but not been able to delete this far. None of the instructions I found on removing this add-on worked, and when I tried to scan with Malwarebytes it would not update. I tried uninstalling and reinstalling, but it still will not update. I found instructions on updating it manually, but it was still outdated by 10 days, and even though a scan at that point revealed one infection which I removed, it still will not update. I tried copying and pasting the database and rules files from an up-to-date clean computer's Malwarebytes, and a full scan revealed no infections, but it still will not update.

Additionally, I noticed that Windows Firewall is disabled, and all attempts to enable it have yielded an error message. This seems to indicate that this machine has a malware problem :(

I hope I have written this post correctly according to forum specifications; if I have not done so, I apologize ahead of time and will modify it as directed. The DDS text is listed below, and the attach.zip and ark.zip are attached as well.

Thanks very much! Charlie

Here are the specs on my Dad's computer (I built it for him a few years ago):

OS - Windows 7 Ultimate 32

CPU - AMD Phenom II X2 555 Black Edition Callisto 3.2GHz

MB - MSI 870-G45 AM3 770 ATX AMD Motherboard

RAM - G.SKILL Ripjaws Series 4GB (2x2) DDR3 SDRAM DDR3 1600 Desktop Memory Model F3-12800CL9D-4GBRL

HD - Western Digital Caviar Blue 640 GB

GPU - Nvidia BFG 9600 + OC

Case - Rosewill Destroyer

Here is the DDS text:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611
Run by Phil at 17:22:26 on 2013-06-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3327.1966 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\Public\AppData\eMuleMorphXT\conime.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Public\AppData\Aobj\ctfldr.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_S5B68.tmp" /EF "HKCU"
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\phil\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\{729e5~1.lnk - c:\windows\system32\rundll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{17D82987-78E4-42F6-B9CD-E2A334401494} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{17D82987-78E4-42F6-B9CD-E2A334401494}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C23CB700-6D3A-4A57-B0D7-DA00BE270C7D} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\phil\appdata\roaming\mozilla\firefox\profiles\ppp05ntb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - Bing
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\totalrecipesearch_14ei\installr\1.bin\NP14EISb.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 {729E5712-EDFB-47fe-9C5E-F3C142D7E511};{729E5712-EDFB-47fe-9C5E-F3C142D7E511};c:\users\public\{729E5712-EDFB-47fe-9C5E-F3C142D7E511}.sys [2012-12-16 1812424]
R1 MpKsl7d109464;MpKsl7d109464;c:\programdata\microsoft\microsoft antimalware\definition updates\{6f46f267-cce2-4d8e-b32b-d1fb0a4e1ebf}\MpKsl7d109464.sys [2013-6-13 29904]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-12-22 21992]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-9-19 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-9-19 121856]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-12-22 58368]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-12-22 30392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-22 1150880]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dhdusb.NTx86;Dynex Enhanced Wireless G USB Network Adapter Service;c:\windows\system32\drivers\bcmusbdhdlh.sys [2010-12-22 241656]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\program files\eeye digital security\retina wireless scanner\PCANDIS5_WIFISCAN.SYS [2004-6-3 22131]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-2-12 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-2-12 49664]
.
=============== Created Last 30 ================
.
2013-06-13 20:51:46 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6f46f267-cce2-4d8e-b32b-d1fb0a4e1ebf}\offreg.dll
2013-06-13 20:51:46 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6f46f267-cce2-4d8e-b32b-d1fb0a4e1ebf}\MpKsl7d109464.sys
2013-06-13 20:40:11 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-13 20:40:11 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-06-13 20:37:03 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-13 20:37:02 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-13 20:36:58 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-13 20:36:57 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-13 20:36:57 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-13 20:36:54 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 20:36:54 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 20:36:54 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 20:36:54 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 20:36:54 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 20:36:52 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 20:36:19 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-13 20:33:13 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6f46f267-cce2-4d8e-b32b-d1fb0a4e1ebf}\mpengine.dll
2013-06-13 20:18:05 -------- d-----w- c:\program files\ESET
2013-06-12 20:44:55 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-23 04:03:40 1294336 ----a-w- c:\windows\system32\vorbis.acm
2013-05-23 04:03:39 413760 ----a-w- c:\windows\system32\DivXc32f.dll
2013-05-23 04:03:39 413760 ----a-w- c:\windows\system32\DivXc32.dll
2013-05-22 21:00:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-22 21:00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-22 20:59:57 -------- d-----w- c:\users\phil\appdata\local\Programs
2013-05-21 22:56:14 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-21 22:56:14 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-21 22:56:12 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-21 22:56:12 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-21 22:56:11 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-21 22:56:09 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-21 22:56:09 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-21 22:56:09 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-21 03:53:56 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f26be908-2428-425d-b0ae-257554a31f4c}\gapaengine.dll
2013-05-20 04:47:59 -------- d-----w- c:\program files\MSECache
.
==================== Find3M ====================
.
2013-06-12 20:43:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 20:43:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-17 01:25:57 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-05-14 08:40:13 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-05-02 22:23:13 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
.
============= FINISH: 17:22:48.03 ===============

Attached Files
File Type: zip attach.zip (2.1 KB)
File Type: zip ark.zip (3.3 KB)
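The DDS log above can be triaged mechanically. This is an added example, not the poster's or the forum's code: a small Python parser for DDS output that flags running processes and drivers loaded from outside the Windows and Program Files directories, and UAC policies set to their weakest values, all for manual review rather than as a verdict. The section banners are taken from the log; the rule set (EXPECTED_ROOTS, WEAK_POLICIES) and the trimmed sample log are my own constructed assumptions.

```python
import re

# Constructed sample: a few lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\AppData\eMuleMorphXT\conime.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Public\AppData\Aobj\ctfldr.exe
.
============== Pseudo HJT Report ===============
.
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 {729E5712-EDFB-47fe-9C5E-F3C142D7E511};{729E5712-EDFB-47fe-9C5E-F3C142D7E511};c:\users\public\{729E5712-EDFB-47fe-9C5E-F3C142D7E511}.sys [2012-12-16 1812424]
."""

# Assumed baseline: directories a process or kernel driver is normally loaded from.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Assumed rule: registry policy values that switch UAC prompting off entirely.
WEAK_POLICIES = {"enablelua": "0", "consentpromptbehavioradmin": "0", "promptonsecuredesktop": "0"}

def sections(text):
    """Split a DDS log into {BANNER: [lines]} using its '=== Name ===' banners."""
    out, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"^=+\s*(.+?)\s*=+$", line)
        if m:
            cur = m.group(1).upper()
            out[cur] = []
        elif cur and line.strip() and line.strip() != ".":
            out[cur].append(line.strip())
    return out

def triage(text):
    """Return (category, log line) findings that merit a closer look."""
    findings, secs = [], sections(text)
    for proc in secs.get("RUNNING PROCESSES", []):
        path = proc.split(" -k ")[0].lower()          # drop svchost group argument
        if not path.startswith(EXPECTED_ROOTS):
            findings.append(("process outside system/program dirs", proc))
    for line in secs.get("PSEUDO HJT REPORT", []):
        m = re.match(r"mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)", line)
        if m and WEAK_POLICIES.get(m.group(1).lower()) == m.group(2):
            findings.append(("UAC policy weakened", line))
    for line in secs.get("SERVICES / DRIVERS", []):
        parts = line.split(";")                       # Rn name;description;path [date size]
        if len(parts) >= 3 and not parts[2].split(" [")[0].lower().startswith(EXPECTED_ROOTS):
            findings.append(("driver/service outside system/program dirs", line))
    return findings
```

Run against the full log, the same rules also surface the R1 driver under c:\users\public and the two processes under C:\Users\Public\AppData that the reader's eye can miss among a hundred entries.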
