Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Removing exploit:win32/cve-2011-0096

Post by schen60 » March 9th, 2014, 10:52 pm

So recently, Microsoft Essentials keeps finding a virus called exploit:win32/cve-2011-0096. When it tries to remove it, it never successfully does so. I've also tried using Microsoft Security Scanner but it says that it was only able to remove it partially. So I'm hoping that you guys will be able to help me remove it completely. I have a Fujitsu Tablet that runs Windows 7 64-bit.

On another note, my last post was rejected because for some reason, it was detected as a business computer. I assure you that this is my own laptop for personal use. The only reason why I think it detected that is because I am currently a college student. Some of my classes required me to download business programs for educational use. I assure you again that this is my own laptop.

dds.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by Steven at 22:47:01 on 2014-03-09
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.7930.4582 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Tablet\ISD\ISD_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Tablet\CalibrationAssistant.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Tablet\ISD\ISD_Tablet.exe
C:\Program Files\Tenable\Nessus\nessus-service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
C:\Program Files\Tablet\ISD\ISD_Tablet.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\AutoRotation\AutoRotation.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjLidMon.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Softex\OmniPass\hook\OpHook32BitProcess.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Steven\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Steven\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [MP3 Skype recorder] C:\Users\Steven\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [snp2uvc] C:\Windows\vsnp2uvc.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
mRun: [StartFujitsuPointingDeviceUtility] "C:\Program Files (x86)\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Steven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.200.1
TCP: Interfaces\{950AD949-563F-4E17-BB0F-63B3246C31A6} : DHCPNameServer = 192.168.200.1
TCP: Interfaces\{950AD949-563F-4E17-BB0F-63B3246C31A6}\37368656E66303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{950AD949-563F-4E17-BB0F-63B3246C31A6}\6545D275962756C6563737 : DHCPNameServer = 198.82.247.66 198.82.247.34
TCP: Interfaces\{950AD949-563F-4E17-BB0F-63B3246C31A6}\7657563747 : DHCPNameServer = 216.252.192.38 8.8.8.8
TCP: Interfaces\{950AD949-563F-4E17-BB0F-63B3246C31A6}\84162757 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
x64-Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
x64-Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
x64-Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
x64-Run: [PfNet] "C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe" /r
x64-Run: [FJBATAID2] C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe
x64-Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe
x64-Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
x64-Run: [FJAutoR] C:\Program Files\Fujitsu\AutoRotation\AutoRotation.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\System32\drivers\FBIOSDRV.sys [2009-6-24 21104]
R0 FJGSDisk;G-Sensor Application Filter Driver;C:\Windows\System32\drivers\FJGSDisk.sys [2013-9-5 15208]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2010-6-2 2734400]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;C:\Windows\System32\drivers\ekaprot6.sys [2012-3-23 27288]
R2 FUJ02E3Service;FUJ02E3Service;C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2011-3-11 73840]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-12-27 331776]
R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2013-9-5 63336]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 TabletServiceISD;TabletServiceISD;C:\Program Files\Tablet\ISD\ISD_Tablet.exe [2013-9-5 5640048]
R2 TouchServiceISD;Wacom ISD Touch Service;C:\Program Files\Tablet\ISD\ISD_TouchService.exe [2013-9-5 449904]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-9-5 2656280]
R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2010-11-21 9728]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2010-6-2 770152]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-9-5 131112]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2013-9-5 348712]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-9-5 39464]
R3 Fjbtndrv;Fujitsu Button Driver;C:\Windows\System32\drivers\FjBtnDrv.sys [2009-8-27 23040]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\System32\drivers\fuj02e3.sys [2006-11-1 7296]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2011-1-3 74984]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2011-1-17 74088]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
R3 wacomvthid;Virtual Touch Driver;C:\Windows\System32\drivers\WacomVTHid.sys [2013-9-5 16368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-3-30 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-5 1255736]
.
=============== Created Last 30 ================
.
2014-03-10 02:42:13 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5465261-8BE3-4D32-B26C-ADC4F1F42EAC}\offreg.dll
2014-03-10 02:32:14 17858952 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-10 00:18:09 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5465261-8BE3-4D32-B26C-ADC4F1F42EAC}\mpengine.dll
2014-03-09 17:04:52 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-08 02:11:48 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{16FE6686-CF5E-4D2E-BAFA-377695CA53EE}\gapaengine.dll
2014-03-05 23:15:34 -------- d-----w- C:\Windows\System32\appmgmt
2014-03-02 01:57:32 -------- d-----w- C:\Program Files (x86)\EviGator
2014-03-01 07:33:31 -------- d-----w- C:\Users\Steven\AppData\Local\Skype
2014-02-28 15:19:00 -------- d-----w- C:\Users\Steven\AppData\Roaming\MP3SkypeRecorder
2014-02-28 15:19:00 -------- d-----w- C:\Users\Steven\AppData\Local\MP3_Skype_Recorder
2014-02-28 15:18:43 -------- d-----w- C:\Users\Steven\AppData\Local\MP3 Skype recorder
2014-02-28 05:34:35 -------- d-----w- C:\Program Files\iPod
2014-02-28 05:34:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-28 05:34:33 -------- d-----w- C:\Program Files\iTunes
2014-02-28 05:34:33 -------- d-----w- C:\Program Files (x86)\iTunes
2014-02-28 05:25:12 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-02-28 05:25:12 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-02-28 05:25:12 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-02-28 05:25:12 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-02-28 05:25:11 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-02-26 15:22:44 -------- d-----w- C:\Windows\Migration
2014-02-13 16:39:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 16:39:45 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 03:55:32 -------- d-----w- C:\Program Files\Wireshark
2014-02-13 03:10:45 -------- d-----w- C:\Users\Steven\AppData\Roaming\Wireshark
2014-02-12 19:07:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 19:07:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 19:07:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 19:07:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-12 19:04:53 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 19:04:53 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-09 22:21:09 -------- d-----w- C:\ProgramData\HitmanPro
2014-02-08 22:07:13 -------- d-----w- C:\Windows\ERUNT
2014-02-08 21:03:22 -------- d-----w- C:\AdwCleaner
2014-02-08 20:58:02 -------- d-----w- C:\Users\Steven\AppData\Local\IBM_Corporation
2014-02-08 20:07:08 -------- d-----w- C:\ProgramData\firebird
2014-02-08 20:07:00 -------- d-----w- C:\Users\Steven\AppData\Roaming\IBM
2014-02-08 20:06:17 -------- d-----w- C:\Users\Steven\AppData\Roaming\FLEXnet
2014-02-08 19:56:21 -------- d-----w- C:\ProgramData\IBM
2014-02-08 19:55:18 -------- d-----w- C:\Program Files (x86)\IBM
2014-02-08 19:29:12 -------- d-----w- C:\ProgramData\Downloaded Installations
2014-02-08 04:36:13 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair
.
==================== Find3M ====================
.
2014-03-10 02:32:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-10 02:32:42 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-17 21:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 21:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 22:48:08.87 ===============




attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2013 7:33:17 PM
System Uptime: 3/9/2014 10:14:02 PM (0 hours ago)
.
Motherboard: FUJITSU | | FJNB232
Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz | Onboard | 1998/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 200 GiB total, 106.326 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 98 GiB total, 34.938 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP129: 3/5/2014 5:47:12 PM - Removed IBM Security AppScan Standard.
RP130: 3/6/2014 12:54:51 PM - Windows Update
RP131: 3/9/2014 8:14:27 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Anytime USB Charge Utility
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Software
Auto Rotation Utility
Battery Utility
Bonjour
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP490 series MP Drivers
Canon MP490 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Ekahau HeatMapper
EviGator TAGView 2.0.0
Facebook Video Calling 2.0.0.447
FJ Camera
Fujitsu Button Utilities
Fujitsu Display Manager
Fujitsu Fingerprint Authentication Library
Fujitsu Hotkey Utility
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
Google Chrome
Google Talk Plugin
Google Update Helper
IBM Installation Manager
iCloud
inSSIDer Home
Inst5672
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
ISD Tablet
iTunes
Java 7 Update 45 (64-bit)
Java 7 Update 51
Java Auto Updater
Java SE Development Kit 7 Update 45 (64-bit)
Malwarebytes Anti-Malware version 1.75.0.1300
MATLAB R2013a
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 64-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
MP3 Skype recorder
Nmap 6.40
O2Micro Flash Memory Card Windows Driver
OmniPass
Oracle VM VirtualBox 4.2.16
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Annotator 4.0.0.400
Plugfree NETWORK
Pointing Device Utility
Power Saving Utility
Print to PDF Annotator (novaPDF OEM 7.6 printer)
QuickTime 7
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Renesas Electronics USB 3.0 Host Controller Driver
Scribblenauts Unmasked
Security Panel Application
Security Panel Application for Supervisor
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2013 (KB2827238) 32-Bit Edition
Security Update for Microsoft Lync 2013 (KB2850057) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2768005) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2850064) 32-Bit Edition
Security Update for Microsoft Word 2013 (KB2827224) 32-Bit Edition
Security Update for Microsoft Word 2013 (KB2863834) 32-Bit Edition
Shock Sensor Utility
Skype Click to Call
Skype™ 6.14
Steam
swMSM
Synaptics Pointing Device Driver
Tenable Nessus (x64)
Touch Launcher
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition
Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2850061) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition
Update for Microsoft Project 2013 (KB2727085) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition
WIDCOMM Bluetooth Software
WiFiDEnum
Windows Driver Package - Fujitsu America, Inc. (FjBtnDrv) HIDClass (08/27/2009 4.2.0827.2009)
WinPcap 4.1.3
WinRAR 5.00 (64-bit)
WinZip 17.5
Wireshark 1.10.5 (64-bit)
Xirrus Wi-Fi Inspector
.
==== Event Viewer Messages From Past Week ========
.
3/9/2014 3:52:18 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147642915 Name: Exploit:Win32/CVE-2011-0096.A ID: 2147642915 Severity: Severe Category: Exploit Path: containerfile:_C:\Windows\Installer\401a932.msi;file:_C:\Windows\Installer\401a932.msi->Data1.cab->advisories.zip->Advisories/de-DE/MHTMLXSS.xml;file:_C:\Windows\Installer\401a932.msi->Data1.cab->advisories.zip->Advisories/en-US/MHTMLXSS.xml;file:_C:\Windows\Installer\401a932.msi->Data1.cab->advisories.zip->Advisories/es-ES/MHTMLXSS.xml;file:_C:\Windows\Installer\401a932.msi->Data1.cab->advisories.zip->Advisories/fr-FR/MHTMLXSS.xml;file:_C:\Windows\Installer\401a932.msi->Data1.cab->advisories.zip->Advisories/it-IT/MHTMLXSS.xml;file:_C:\Windows\Installer\401a932.msi->Data1.cab->advisories.zip->Advisories/ja-JP/MHTMLXSS.xml;file:_C:\Windows\Installer\401a932.msi->Data1.cab->advisories.zip->Advisories/ko-KR/MHTMLXSS.xml;file:_C:\Windows\Installer\401a932.msi->Data1.cab->advisories.zip->Advisories/pt-BR/MHTMLXSS.xml;file:_C:\Windows\Installer\401a932.msi->Data1.cab->advisories.zip->Advisories/ru-RU/MHTMLXSS.xml;file:_C:\Windows\Installer\401a932.msi->Data1.cab->advisories.zip->Advisories/zh-CHS/MHTMLXSS.xml;file Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.167.1518.0, AS: 1.167.1518.0, NIS: 110.20.0.0 Engine Version: AM: 1.1.10302.0, NIS: 2.1.10302.0
3/9/2014 10:23:33 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/9/2014 10:21:32 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
3/9/2014 10:15:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
3/9/2014 10:15:03 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/7/2014 7:55:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletServiceISD service.
3/7/2014 3:33:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1334.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
3/7/2014 11:05:00 AM, Error: NetBT [4321] - The name "STEVEN-PC :20" could not be registered on the interface with IP address 172.31.161.77. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/7/2014 10:51:07 AM, Error: NetBT [4321] - The name "STEVEN-PC :0" could not be registered on the interface with IP address 172.31.161.77. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/6/2014 9:24:55 AM, Error: NetBT [4321] - The name "STEVEN-PC :20" could not be registered on the interface with IP address 172.31.60.219. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/6/2014 9:22:57 AM, Error: NetBT [4321] - The name "STEVEN-PC :0" could not be registered on the interface with IP address 172.31.60.219. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/6/2014 9:22:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/6/2014 8:43:53 AM, Error: NetBT [4321] - The name "STEVEN-PC :20" could not be registered on the interface with IP address 172.31.239.122. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/6/2014 7:06:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServiceISD service.
3/6/2014 2:41:18 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{950AD949-563F-4E17-BB0F-63B3246C31A6} because another computer on the network has the same name. The server could not start.
3/6/2014 12:41:53 PM, Error: NetBT [4321] - The name "STEVEN-PC :0" could not be registered on the interface with IP address 172.31.41.112. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/6/2014 1:33:56 PM, Error: NetBT [4321] - The name "STEVEN-PC :20" could not be registered on the interface with IP address 172.31.41.112. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/5/2014 7:06:31 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
3/5/2014 4:43:18 PM, Error: NetBT [4321] - The name "STEVEN-PC :0" could not be registered on the interface with IP address 172.31.162.81. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/5/2014 2:40:03 PM, Error: NetBT [4321] - The name "STEVEN-PC :0" could not be registered on the interface with IP address 172.31.239.145. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/5/2014 12:58:43 PM, Error: NetBT [4321] - The name "STEVEN-PC :0" could not be registered on the interface with IP address 172.31.164.210. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/5/2014 11:29:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/5/2014 11:29:15 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/5/2014 11:27:18 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{EC5B6E21-6A75-414E-BBA5-74B8304765DF} because another computer on the network has the same name. The server could not start.
3/5/2014 11:27:18 PM, Error: NetBT [4321] - The name "STEVEN-PC :20" could not be registered on the interface with IP address 128.173.35.189. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/5/2014 11:27:18 PM, Error: NetBT [4321] - The name "STEVEN-PC :0" could not be registered on the interface with IP address 128.173.35.189. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/5/2014 11:25:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
3/5/2014 10:40:53 PM, Error: NetBT [4321] - The name "STEVEN-PC :20" could not be registered on the interface with IP address 128.173.38.197. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/5/2014 10:40:53 PM, Error: NetBT [4321] - The name "STEVEN-PC :0" could not be registered on the interface with IP address 128.173.38.197. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/5/2014 1:36:41 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147642915 Name: Exploit:Win32/CVE-2011-0096.A ID: 2147642915 Severity: Severe Category: Exploit Path: containerfile:_C:\Program Files (x86)\IBM\AppScan Standard\Advisories.zip;containerfile:_C:\ProgramData\Downloaded Installations\AppScan\{EDC0650F-09E2-4C35-97FA-E01347A7AA10}\IBM Security AppScan Standard.msi;containerfile:_C:\ProgramData\IBM\AppScan Standard\temp\10708\advisories\advisories.zip;containerfile:_C:\Windows\Installer\401a932.msi;file:_C:\Program Files (x86)\IBM\AppScan Standard\Advisories.zip->Advisories/de-DE/MHTMLXSS.xml;file:_C:\Program Files (x86)\IBM\AppScan Standard\Advisories.zip->Advisories/en-US/MHTMLXSS.xml;file:_C:\Program Files (x86)\IBM\AppScan Standard\Advisories.zip->Advisories/es-ES/MHTMLXSS.xml;file:_C:\Program Files (x86)\IBM\AppScan Standard\Advisories.zip->Advisories/fr-FR/MHTMLXSS.xml;file:_C:\Program Files (x86)\IBM\AppScan Standard\Advisories.zip->Advisories/it-IT/MHTMLXSS.xml;file:_C:\Program Files (x86)\IBM\AppScan Standard\Advisories.zip->Advisories/ja-JP/MHTMLXSS.xml;file:_C:\Program Files (x86)\IBM\AppScan Standard\Advisories.zip->Advisories/ko-KR/MHTMLXSS.xml;file: Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.167.1238.0, AS: 1.167.1238.0, NIS: 110.19.0.0 Engine Version: AM: 1.1.10302.0, NIS: 2.1.10302.0
3/4/2014 8:42:50 AM, Error: NetBT [4321] - The name "STEVEN-PC :20" could not be registered on the interface with IP address 172.31.233.203. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/4/2014 3:25:14 PM, Error: NetBT [4321] - The name "STEVEN-PC :0" could not be registered on the interface with IP address 172.31.167.45. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/4/2014 1:07:47 PM, Error: NetBT [4321] - The name "STEVEN-PC :0" could not be registered on the interface with IP address 172.31.41.27. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer.
3/3/2014 9:47:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
3/2/2014 9:32:45 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CAINE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E4F93F1E-C5BF-494F-AA9A-0F6CFE923A83}. The master browser is stopping or an election is being forced.
3/2/2014 10:06:51 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SCHEN60-DESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E4F93F1E-C5BF-494F-AA9A-0F6CFE923A83}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

Re: Removing exploit:win32/cve-2011-0096

Post by Gary R » March 10th, 2014, 6:00 pm

Your logs show that you regularly connect to an Educational Network belonging to Virginia Polytechnic Institute and State Univ. and since you admit yourself that you are a student, this would appear to be consistent with your statement.

Unfortunately we do not work on machines which connect to Educational Networks, the following posts (which you should have read before posting to ask for help) explain why .... viewtopic.php?p=491380#p491380 .... viewtopic.php?p=531111#p531111

This topic is now closed.

