Chrome Message:
“Your connection is not private.
Attackers might be trying to steal your information from http://www.tmobile.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
The server could not prove that it is http://www.tmobile.com; its security certificate is from vip.tmobile.com. This may be caused by a misconfiguration or an attacker intercepting your connection.”
Firefox Message:
“This Connection is Untrusted
You have asked Firefox to connect securely to accounts.google.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.
Technical Details
accounts.google.com uses an invalid security certificate.
The certificate is only valid for the following names: *.services.mozilla.com, services.mozilla.com
(Error code: ssl_error_bad_cert_domain)”
A tech specialist told me to delete the following 3 items from the Registry. I deleted them prior to running DDS for this post:
HKEY_LOCAL_MACHINE\SOFTWARE\GEAR Software\DIFx\{7BE4D7A3-591B-4aff-89E1-2B0DE81D2113}
HKEY_LOCAL_MACHINE\SECURITY\RXACT
HKEY_USERS\S-1-5-20\Software\Microsoft\WAB\WAB4\Wab File Name
Please help confirm that my computer is no longer infected.
DDS.txt and Attach.txt logs are pasted below:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840
Run by Marissa at 23:43:45 on 2015-07-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1207 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Users\Marissa\AppData\Local\Akamai\netsession_win.exe
C:\Users\Marissa\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\CoIEPlg.dll
uRun: [Akamai NetSession Interface] "C:\Users\Marissa\AppData\Local\Akamai\netsession_win.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Trusted Zone: dell.com
TCP: NameServer = 192.168.15.1 0.0.0.0 0.0.0.0
TCP: Interfaces\{1FA2D3F7-F81C-4F26-9265-E58B886FE034} : DHCPNameServer = 192.168.15.1 0.0.0.0 0.0.0.0
TCP: Interfaces\{448C68EB-3DB2-4167-A8AB-FFCB8AF3781E} : DHCPNameServer = 192.168.15.1 0.0.0.0 0.0.0.0
TCP: Interfaces\{448C68EB-3DB2-4167-A8AB-FFCB8AF3781E}\0484F6D65603635453 : DHCPNameServer = 192.168.15.1 0.0.0.0 0.0.0.0
TCP: Interfaces\{448C68EB-3DB2-4167-A8AB-FFCB8AF3781E}\255646D6F6E6460245F677E6023456E6475627 : DHCPNameServer = 192.168.16.1
TCP: Interfaces\{448C68EB-3DB2-4167-A8AB-FFCB8AF3781E}\75352414D2745756374737 : DHCPNameServer = 192.168.0.24 192.168.1.24
TCP: Interfaces\{448C68EB-3DB2-4167-A8AB-FFCB8AF3781E}\84F4D454D233549323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{448C68EB-3DB2-4167-A8AB-FFCB8AF3781E}\84F6D65603433523 : DHCPNameServer = 192.168.15.1 0.0.0.0 0.0.0.0
TCP: Interfaces\{448C68EB-3DB2-4167-A8AB-FFCB8AF3781E}\B636C637E2F627760275962756C6563737 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{448C68EB-3DB2-4167-A8AB-FFCB8AF3781E}\D41636B696E6E6F6E6D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\CoIEPlg.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 amer.hops.glbdns.microsoft.com
Hosts: 127.0.0.1 apprep.smartscreen.microsoft.com
Hosts: 127.0.0.1 counter.kaspersky.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 stats.f-secure.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marissa\AppData\Roaming\Mozilla\Firefox\Profiles\6xycnp7i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-27 56336]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\Windows\System32\drivers\NISx64\1605000.07C\SymEFASI64.sys [2015-7-1 1611992]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [2015-7-7 1648880]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1605000.07C\ccSetx64.sys [2015-7-1 165080]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150714.001\IDSviA64.sys [2015-7-14 692984]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1605000.07C\Ironx64.sys [2015-7-1 288984]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1605000.07C\symnets.sys [2015-7-1 567512]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-28 98208]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-16 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-16 1133880]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe [2015-7-1 282016]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-27 1692480]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-27 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-10-28 20984]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-10-28 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-7-3 153936]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-28 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-28 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-28 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-10-28 74280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-12-16 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-12-16 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-16 63704]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-6-9 114688]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-28 245792]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-2-13 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2015-07-12 03:02:48 -------- d-----w- C:\FRST
2015-07-05 08:41:00 51880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2015-07-02 17:05:11 12221144 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB23C213-6F79-4429-A6C3-03CC34761A7A}\mpengine.dll
2015-07-01 21:01:15 917720 ----a-r- C:\Windows\System32\drivers\NISx64\1605000.07C\srtsp64.sys
2015-07-01 21:01:15 567512 ----a-r- C:\Windows\System32\drivers\NISx64\1605000.07C\symnets.sys
2015-07-01 21:01:15 42200 ----a-r- C:\Windows\System32\drivers\NISx64\1605000.07C\srtspx64.sys
2015-07-01 21:01:15 288984 ----a-r- C:\Windows\System32\drivers\NISx64\1605000.07C\Ironx64.sys
2015-07-01 21:01:15 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1605000.07C\SymELAM.sys
2015-07-01 21:01:15 165080 ----a-r- C:\Windows\System32\drivers\NISx64\1605000.07C\ccSetx64.sys
2015-07-01 21:01:15 1611992 ----a-r- C:\Windows\System32\drivers\NISx64\1605000.07C\SymEFASI64.sys
2015-07-01 21:00:48 -------- d-----w- C:\Windows\System32\drivers\NISx64\1605000.07C
2015-07-01 06:21:13 -------- d-----w- C:\ProgramData\boost_interprocess
2015-06-29 13:43:16 229608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2015-06-23 12:55:15 -------- d-----w- C:\Program Files\Windows Media Components
2015-06-23 12:51:51 -------- d-----w- C:\IExp1.tmp
2015-06-23 12:51:40 -------- d-----w- C:\IExp0.tmp
2015-06-23 12:51:38 -------- d-----w- C:\Windows\RegisteredPackages
2015-06-23 12:51:10 -------- d--h--w- C:\Windows\msdownld.tmp
2015-06-23 12:47:02 -------- d-----w- C:\UtilityOnlineMarch09
2015-06-18 20:01:15 -------- d-----w- C:\ProgramData\SecTaskMan
.
==================== Find3M ====================
.
2015-07-15 05:59:06 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-15 05:59:06 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-15 03:16:38 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-06 12:12:47 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-07-01 21:03:19 102616 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2015-06-18 15:41:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-06-18 15:41:40 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:23:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-05-25 18:23:59 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:18:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-05-25 18:18:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-05-25 18:18:54 879104 ----a-w- C:\Windows\System32\advapi32.dll
2015-05-25 18:18:45 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-05-25 18:18:45 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-05-25 18:18:39 112640 ----a-w- C:\Windows\System32\smss.exe
2015-05-25 18:18:32 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-05-25 18:18:30 43008 ----a-w- C:\Windows\System32\relog.exe
2015-05-25 18:18:19 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-05-25 18:18:19 104448 ----a-w- C:\Windows\System32\logman.exe
2015-05-25 18:18:11 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-05-25 18:18:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-05-25 18:18:04 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-05-25 18:14:26 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-05-25 18:14:04 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-05-25 18:07:34 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07:34 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04:08 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-05-25 18:00:44 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-05-25 18:00:40 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-05-25 18:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-05-25 18:00:25 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-05-25 18:00:17 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-05-25 18:00:09 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-05-25 18:00:04 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-05-25 17:59:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-05-25 17:59:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-05-25 17:59:51 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-05-25 17:57:31 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-05-25 17:57:15 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-05-25 17:08:39 3206144 ----a-w- C:\Windows\System32\win32k.sys
2015-05-25 17:00:56 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-25 16:50:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-05-25 16:50:36 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-05-25 16:48:25 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-25 16:48:25 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 16:48:25 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 16:48:25 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-23 03:28:17 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-05-23 03:15:54 503808 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-05-23 03:15:40 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-05-23 03:15:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-05-23 03:14:51 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-05-23 03:13:48 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-05-23 03:05:21 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-05-23 03:04:50 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-05-23 02:52:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-05-23 02:37:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-05-23 02:37:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-05-23 02:20:35 1950720 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-05-22 19:16:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-05-22 19:16:44 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-05-22 19:01:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-05-22 19:00:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-05-22 19:00:47 417792 ----a-w- C:\Windows\System32\html.iec
2015-05-22 19:00:25 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-05-22 18:59:27 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-05-22 18:52:21 6026240 ----a-w- C:\Windows\System32\jscript9.dll
2015-05-22 18:47:49 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-05-22 18:47:34 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-05-22 18:47:03 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-05-22 18:40:17 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-05-22 18:29:31 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-05-22 18:18:41 700416 ----a-w- C:\Windows\System32\generaltel.dll
2015-05-22 18:18:29 757248 ----a-w- C:\Windows\System32\invagent.dll
2015-05-22 18:18:24 423424 ----a-w- C:\Windows\System32\devinv.dll
2015-05-22 18:18:22 1021440 ----a-w- C:\Windows\System32\appraiser.dll
2015-05-22 18:18:21 45568 ----a-w- C:\Windows\System32\acmigration.dll
2015-05-22 18:18:21 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-05-22 18:13:03 1119232 ----a-w- C:\Windows\System32\aeinv.dll
2015-05-22 18:05:28 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-05-22 18:05:06 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-05-22 17:50:20 2426880 ----a-w- C:\Windows\System32\wininet.dll
2015-05-21 13:19:52 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-05-01 13:17:03 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16:41 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2015-04-29 18:21:46 9728 ----a-w- C:\Windows\System32\spwmp.dll
2015-04-29 18:19:43 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2015-04-29 18:07:12 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2015-04-29 18:07:12 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2015-04-29 18:07:07 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2015-04-29 18:05:19 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-04-24 18:17:26 633856 ----a-w- C:\Windows\System32\comctl32.dll
2015-04-24 17:56:58 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
.
============= FINISH: 23:44:39.82 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/26/2010 9:17:14 PM
System Uptime: 7/14/2015 1:10:35 PM (10 hours ago)
.
Motherboard: Dell Inc. | | 021CN3
Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | U2E1 | 919/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 246.253 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&39E140EF&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&39E140EF&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP483: 7/9/2015 3:50:23 PM - Scheduled Checkpoint
RP484: 7/11/2015 6:04:48 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 amer.hops.glbdns.microsoft.com
Hosts: 127.0.0.1 apprep.smartscreen.microsoft.com
Hosts: 127.0.0.1 counter.kaspersky.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 stats.f-secure.com
Hosts: 127.0.0.1 ads.mcafee.com
.
==== Installed Programs ======================
.
Ad-Aware Browsing Protection
Adobe AIR
Adobe Creative Cloud
Adobe Download Assistant
Adobe Flash Player 18 NPAPI
Adobe Help Manager
Adobe Photoshop CS6
Adobe Reader XI (11.0.12)
Adobe Refresh Manager
Advanced Audio FX Engine
Akamai NetSession Interface
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AVS Audio Editor 7.2
Best Buy pc app
bl
Canon LBP7100C 7110C Uninstaller
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Webcam Central
DW WLAN Card
Gmail Backup
Google Chrome
Google Update Helper
HP Deskjet 1010 series Basic Device Software
HP Deskjet 1010 series Help
HP ENVY 120 series Basic Device Software
HP ENVY 120 series Help
HP FWUpdateEDO2
HP Update
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 2.1.8.1057
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 39.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton Internet Security
PDF Settings CS6
ph
Quickset64
Realtek High Definition Audio Driver
Roxio Burn
Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Skype Click to Call
Skype™ 7.0
Synaptics Pointing Device Driver
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
7/8/2015 11:03:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/7/2015 7:26:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
7/14/2015 4:47:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
7/14/2015 2:45:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
7/14/2015 10:31:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
7/14/2015 10:15:48 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
7/12/2015 5:25:51 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
7/12/2015 5:24:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
7/11/2015 6:33:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================