I have developed a virus on my Win 7 desktop. Win 7 tells me it's the Win32/Small.ca virus. That notification disappeared from Action Center one day after the first posting. However, there is still evidence that some sort of virus is still present. This, I think, despite the fact that a half dozen so-called anti-virus/spyware/malware programs scanned the machine and could find nothing. No surprise there, I know.
Most computer functions continue to work. However, there has been an increasing number of BSODs, now almost every day. Also, there are two .exe programs running in Task Manager Processes that will not allow me to end the process, or to delete the files (Winlogon.exe and CSRSS.exe), or to even look at the Properties.
Enclosed and attached are the beginning scans you asked for. If I can be of further help, please let me know.
Wes
PS: the GMER scan is working. I'll post the results in a few minutes.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.21.2
Run by Terry at 10:34:13 on 2013-08-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3062.984 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Jarte\Jarte.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=94C4001676285527&affID=122471&tsp=4966
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
uRun: [BackgroundSwitcher] "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [NTRedirect] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Terry\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: LastPass - C:\Users\Terry\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Terry\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{ED80F6C4-D432-453F-A510-0912A636D14F} : DHCPNameServer = 192.168.1.1
AppInit_DLLs= c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\7zaaznxo.default-1371915297535\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=94C4001676285527&affID=122471&tsp=4966
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-23 07:53; support@lastpass.com; C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\7zaaznxo.default-1371915297535\extensions\support@lastpass.com
FF - ExtSQL: 2013-07-30 09:16; {ada4b710-8346-4b82-8199-5de2b400a6ae}; C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\7zaaznxo.default-1371915297535\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - ExtSQL: 2013-08-06 09:33; ffxtlbr@delta.com; C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\7zaaznxo.default-1371915297535\extensions\ffxtlbr@delta.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 94c406f0000000000000001676285527
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15923
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.09:33:16
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122471&tsp=4966
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 SafDskNT;SafeHouse;C:\Windows\System32\drivers\SAFDSKNT.SYS [2013-8-2 76112]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 BrowserDefendert;BrowserDefendert;C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-8-6 2847696]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-24 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-6 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: soffice.StarWriterDocument.6="C:\Program Files (x86)\LibreOffice 4.0\program\swriter.exe" -o "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-07 12:28:27 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{679FD129-741C-49BD-8BD7-2657EA4F9EC9}\mpengine.dll
2013-08-06 13:33:11 -------- d-----w- C:\Program Files (x86)\Delta
2013-08-06 13:32:42 -------- d-----w- C:\ProgramData\BrowserDefender
2013-08-06 13:32:33 -------- d-----w- C:\Users\Terry\AppData\Roaming\BabSolution
2013-08-06 13:32:32 -------- d-----w- C:\Program Files\Unlocker
2013-08-06 13:32:08 -------- d-----w- C:\ProgramData\Babylon
2013-08-06 13:32:06 -------- d-----w- C:\Users\Terry\AppData\Roaming\Babylon
2013-08-06 12:30:59 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-08-06 12:28:26 -------- d-----w- C:\Program Files (x86)\ESET
2013-08-06 00:34:53 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-04 11:59:03 -------- d-----w- C:\Program Files (x86)\Microsoft
2013-08-04 11:58:42 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2013-08-04 11:58:00 -------- d-----w- C:\Windows\PCHEALTH
2013-08-04 11:57:49 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2013-08-04 11:57:49 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2013-08-04 11:57:04 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-04 11:55:51 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\908067941ce9109\DXSETUP.exe
2013-08-04 11:55:51 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\908067941ce9109\dsetup32.dll
2013-08-04 11:55:50 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\908067941ce9109\DSETUP.dll
2013-08-04 11:55:02 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2013-08-03 10:46:25 -------- d-sh--w- C:\found.000
2013-08-02 17:39:47 76112 ----a-w- C:\Windows\System32\drivers\SAFDSKNT.SYS
2013-08-02 17:39:40 -------- d-----w- C:\SafeHouse
2013-08-02 17:39:40 -------- d-----w- C:\Program Files (x86)\SafeHouse Explorer
2013-07-20 12:58:08 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-07-20 12:58:07 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-07-20 12:58:07 263576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-07-20 12:58:07 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2013-07-20 12:58:06 116120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2013-07-20 12:58:05 920472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2013-07-20 12:58:05 3407256 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2013-07-20 12:58:05 279448 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2013-07-20 12:58:04 59288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2013-07-20 12:58:04 478104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2013-07-20 12:58:04 117144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-07-19 20:01:30 -------- d-----w- C:\Program Files\Sandboxie
2013-07-17 19:26:50 -------- d-----w- C:\Test folder for Rons flash drive
2013-07-17 00:54:15 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0386207-56DF-41AF-ADE5-9DE2261E729F}\gapaengine.dll
2013-07-11 11:00:37 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 10:59:28 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 10:59:28 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M ====================
.
2013-06-15 09:07:57 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 09:07:57 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-28 13:34:52 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-11 10:05:16 14880256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
.
============= FINISH: 10:35:38.67 ===============