Author Topic: Windows 7 Internet Security 2012 infection.  (Read 1977 times)


Offline Horton

  • Newbie
  • Posts: 22
Windows 7 Internet Security 2012 infection.
« on: January 09, 2012, 07:28:24 PM »
Hi All. I have been directed here by ravencajun for the purpose of ridding my computer of the subject mentioned infection (Windows 7 Internet Security 2012).
Please go real easy with me as my computer skills are not all that great.

I thank you in advance for any assistance you may give.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Windows 7 Internet Security 2012 infection.
« Reply #1 on: January 09, 2012, 09:39:19 PM »
Hi, Horton.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

In order to determine the depth of the infection, please provide the requested logs as indicated in the Log Posting Instructions topic.  If you have problems downloading or running any of the requested programs, please post any that complete as a reply.

(Garden Web Topic)

Thank you.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Horton

  • Newbie
  • Posts: 22
Re: Windows 7 Internet Security 2012 infection.
« Reply #2 on: January 10, 2012, 11:27:41 AM »
Mystical Rose, thank you for your response and offer of assistance.
I had a look through the instructions you mentioned and will make an attempt at completing the task and posting the required information as soon as possible. :confused:

Unfortunately it will not be for a couple of days, as I have some other business to take care of before I can, hopefully, sit down and concentrate on this problem.
In the meantime I thank you for your kindness and patience.

Offline Horton

  • Newbie
  • Posts: 22
Re: Windows 7 Internet Security 2012 infection.
« Reply #3 on: January 10, 2012, 12:05:58 PM »
After reading over the instructions again I figured I could possibly send in the required information for your perusal right away.
I hope I have done it correctly??!!

 Results of screen317's Security Check version 0.99.30 
 Windows 7  x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Security Center service is not running! This report may not be accurate!
 avast! Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 24 
 Java version out of date!
 Adobe Reader X (10.1.1)
 Mozilla Firefox 8.0.1 Firefox out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast afwServ.exe 
``````````End of Log````````````

info.txt logfile of random's system information tool 1.09 2012-01-10 07:35:16

======Uninstall list======

64 Bit HP CIO Components Installer-->MsiExec.exe /I{55D55008-E5F6-47D6-B16F-B2A40D4D145F}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe -maintain plugin
Adobe Reader X (10.1.1)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
Apple Mobile Device Support-->MsiExec.exe /I{75104836-CAC7-444E-A39E-3F54151942F5}
Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66}
ArcSoft MediaConverter 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{83DA46EC-2CB1-4649-9100-C4F98D8DA8CD}\Setup.exe" -l0x9
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4FE82F4B-B7D8-4E65-84AD-E0436CDE57DD}\Setup.exe" -l0x9
ArcSoft ShowBiz DVD 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E883DCB3-766D-4166-8B28-33C8FE451F2B}\Setup.exe" -l0x9
ASUS E-Green Uninstall-->"C:\Program Files (x86)\ASUS E-Green\Uninstall.exe"
Auslogics Disk Defrag-->"C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\unins000.exe"
avast! Internet Security-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Bing Bar-->MsiExec.exe /X{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}
Bonjour Print Services-->MsiExec.exe /I{0DA20600-6130-443B-9D4B-F30520315FA6}
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Digital Video-->C:\Program Files (x86)\InstallShield Installation Information\{C833C7B6-1140-471D-932B-391B5CA66D7D}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP Customer Participation Program 13.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5-->C:\Program Files (x86)\HP\Digital Imaging\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}\setup\hpzscr40.exe -datfile hposcr37.dat -onestop -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Print Projects 1.0-->C:\Program Files (x86)\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Smart Web Printing 4.60-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\SysWOW64\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Juniper Networks Setup Client Activex Control-->C:\Windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 8.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NCH Toolbox-->C:\Program Files (x86)\NCH Swift Sound\ToolBox\uninst.exe
OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->c:\program files (x86)\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Recuva-->"C:\Program Files\Recuva\uninst.exe"
Revo Uninstaller 1.93-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
Safari-->MsiExec.exe /I{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Shop for HP Supplies-->C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Family Safety-->MsiExec.exe /I{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}
Windows Live Family Safety-->MsiExec.exe /X{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{B10914FD-8812-47A4-85A1-50FCDE7F1F33}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
XVID Codec Installation-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{534C6D59-D6E3-48A6-AD0B-747799019960}\Setup.exe" -l0x9

======System event log======

Computer Name: Owner-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 343285
Source Name: RTL8167
Time Written: 20110914143442.388819-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL
Record Number: 343163
Source Name: Service Control Manager
Time Written: 20110914115620.145679-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 11
Message: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Record Number: 343132
Source Name: Microsoft-Windows-Wininit
Time Written: 20110914115559.745639-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 121
Message: The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.
Record Number: 343131
Source Name: MSiSCSI
Time Written: 20110914115557.000000-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 343099
Source Name: RTL8167
Time Written: 20110914115548.295218-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Owner-PC
Event Code: 4107
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 42944
Source Name: Microsoft-Windows-CAPI2
Time Written: 20110309165259.860467-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 59
Message: Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll" on line 2. Invalid Xml syntax.
Record Number: 42938
Source Name: SideBySide
Time Written: 20110309134553.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 59
Message: Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search box extension\SrchBxEx.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search box extension\SrchBxEx.dll" on line 2. Invalid Xml syntax.
Record Number: 42937
Source Name: SideBySide
Time Written: 20110309134553.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 63
Message: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Record Number: 42936
Source Name: SideBySide
Time Written: 20110309134534.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 63
Message: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Record Number: 42935
Source Name: SideBySide
Time Written: 20110309134527.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Owner-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7

Privileges:      SeAssignPrimaryTokenPrivilege
         SeTcbPrivilege
         SeSecurityPrivilege
         SeTakeOwnershipPrivilege
         SeLoadDriverPrivilege
         SeBackupPrivilege
         SeRestorePrivilege
         SeDebugPrivilege
         SeAuditPrivilege
         SeSystemEnvironmentPrivilege
         SeImpersonatePrivilege
Record Number: 58772
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110503102642.112357-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
   Security ID:      S-1-5-18
   Account Name:      OWNER-PC$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7

Logon Type:         5

New Logon:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Process Information:
   Process ID:      0x1f0
   Process Name:      C:\Windows\System32\services.exe

Network Information:
   Workstation Name:   
   Source Network Address:   -
   Source Port:      -

Detailed Authentication Information:
   Logon Process:      Advapi 
   Authentication Package:   Negotiate
   Transited Services:   -
   Package Name (NTLM only):   -
   Key Length:      0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 58771
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110503102642.112357-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7

Privileges:      SeAssignPrimaryTokenPrivilege
         SeTcbPrivilege
         SeSecurityPrivilege
         SeTakeOwnershipPrivilege
         SeLoadDriverPrivilege
         SeBackupPrivilege
         SeRestorePrivilege
         SeDebugPrivilege
         SeAuditPrivilege
         SeSystemEnvironmentPrivilege
         SeImpersonatePrivilege
Record Number: 58770
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110503102449.197291-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
   Security ID:      S-1-5-18
   Account Name:      OWNER-PC$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7

Logon Type:         5

New Logon:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Process Information:
   Process ID:      0x1f0
   Process Name:      C:\Windows\System32\services.exe

Network Information:
   Workstation Name:   
   Source Network Address:   -
   Source Port:      -

Detailed Authentication Information:
   Logon Process:      Advapi 
   Authentication Package:   Negotiate
   Transited Services:   -
   Package Name (NTLM only):   -
   Key Length:      0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 58769
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110503102449.197291-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
   Security ID:      S-1-0-0
   Account Name:      -
   Account Domain:      -
   Logon ID:      0x0

Logon Type:         3

New Logon:
   Security ID:      S-1-5-7
   Account Name:      ANONYMOUS LOGON
   Account Domain:      NT AUTHORITY
   Logon ID:      0x2a6a6
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Process Information:
   Process ID:      0x0
   Process Name:      -

Network Information:
   Workstation Name:   
   Source Network Address:   -
   Source Port:      -

Detailed Authentication Information:
   Logon Process:      NtLmSsp
   Authentication Package:   NTLM
   Transited Services:   -
   Package Name (NTLM only):   NTLM V1
   Key Length:      0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 58768
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110503102440.288061-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"tvdumpflags"=8
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2012-01-10 07:35:08
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 595 GB (91%) free of 654 GB
Total RAM: 4085 MB (72% free)


======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2268
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4197b8b9-95b6-4984-bae9-7a87bd8bee4f -SystemEventPortName:HostProcess-86aeda1e-a631-4c54-923d-b98169f98a99 -IoCancelEventPortName:HostProcess-9b17b4d5-1d7a-472d-a42a-f1be81868aab -NonStateChangingEventPortName:HostProcess-0a70f795-ad09-4889-8948-0d532a4bee13 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:eb452da8-0e0c-4422-a715-7d09b1481562
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "http://www.landzdown.com/analysis-and-malware-removal/"
"C:\Users\Owner\Documents\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3464874965-1268753869-1679222635-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3464874965-1268753869-1679222635-1000UA.job
C:\Windows\tasks\Norton Security Scan for Owner.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6uvtnpdf.default

prefs.js - "keyword.URL" -  "http://search.addthis.com/search?pco=fxe-3.1.3&locale=en-US&sl=ub&q="

"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198]
"Description"=15.0.0.198
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6uvtnpdf.default\extensions\
{3e0e7d2a-070f-4a47-b019-91fe5385ba79}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-11-30 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 165912]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 363544]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"NetworkIndicator"=C:\Users\Owner\AppData\Local\Temp\Temp2_network-activity-indicator.zip\NetworkIndicator.exe []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-07-29 2988928]
"DriverFinder"=C:\Program Files (x86)\DriverFinder\DriverFinder.exe []
"WeatherEye"=C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe [2011-08-22 311584]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"CLMLServer"=C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [2009-06-03 103720]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-09-27 59240]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-28 1259376]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"TkBellExe"=c:\program files (x86)\real\realplayer\Update\realsched.exe [2011-11-30 296056]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-12-08 421736]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 261120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.exe - open - "C:\Users\Owner\AppData\Local\wpd.exe" -a "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-10 07:35:08 ----D---- C:\rsit
2012-01-10 07:35:08 ----D---- C:\Program Files\trend micro
2011-12-24 07:06:43 ----D---- C:\Program Files\iPod
2011-12-24 07:06:42 ----D---- C:\Program Files\iTunes
2011-12-24 07:06:42 ----D---- C:\Program Files (x86)\iTunes
2011-12-15 06:59:26 ----D---- C:\ProgramData\Symantec
2011-12-15 06:59:22 ----D---- C:\Windows\system32\drivers\NSSx64
2011-12-15 06:59:21 ----D---- C:\ProgramData\Norton
2011-12-15 06:59:20 ----D---- C:\ProgramData\NortonInstaller
2011-12-15 06:59:20 ----D---- C:\Program Files (x86)\NortonInstaller
2011-12-14 16:55:14 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-14 16:55:14 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-14 16:55:14 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-14 16:55:14 ----A---- C:\Windows\system32\iertutil.dll
2011-12-14 16:55:13 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-14 16:55:13 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-14 16:55:13 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-14 16:55:13 ----A---- C:\Windows\system32\urlmon.dll
2011-12-14 16:55:13 ----A---- C:\Windows\system32\url.dll
2011-12-14 16:55:13 ----A---- C:\Windows\system32\ieui.dll
2011-12-14 16:55:12 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-14 16:55:12 ----A---- C:\Windows\system32\wininet.dll
2011-12-14 16:55:12 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-14 16:55:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-14 16:55:11 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-12-14 16:55:11 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-12-14 16:55:11 ----A---- C:\Windows\system32\jscript9.dll
2011-12-14 16:55:11 ----A---- C:\Windows\system32\jscript.dll
2011-12-14 16:55:10 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-14 16:55:08 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-14 16:55:08 ----A---- C:\Windows\system32\mshtml.dll
2011-12-14 16:55:07 ----A---- C:\Windows\system32\ieframe.dll
2011-12-14 16:46:59 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-14 16:46:51 ----A---- C:\Windows\system32\win32k.sys
2011-12-14 16:46:43 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-14 16:46:43 ----A---- C:\Windows\system32\EncDec.dll
2011-12-14 16:46:38 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-14 16:46:38 ----A---- C:\Windows\system32\tzres.dll

======List of files/folders modified in the last 1 month======

2012-01-10 07:35:08 ----RD---- C:\Program Files
2012-01-10 07:35:08 ----D---- C:\Windows\Prefetch
2012-01-10 07:29:43 ----D---- C:\Windows\Temp
2012-01-10 06:59:27 ----D---- C:\Windows\system32\config
2012-01-10 06:50:18 ----D---- C:\Windows\System32
2012-01-10 06:50:18 ----D---- C:\Windows\inf
2012-01-10 06:50:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-09 16:33:32 ----SHD---- C:\Windows\Installer
2012-01-09 16:33:32 ----HD---- C:\Config.Msi
2012-01-09 07:36:35 ----D---- C:\Windows\SYSWOW64\sysprep
2012-01-09 07:36:25 ----HD---- C:\ProgramData
2012-01-08 07:23:55 ----D---- C:\Windows
2012-01-06 07:35:45 ----D---- C:\ProgramData\DivX
2012-01-06 07:35:39 ----D---- C:\Program Files (x86)\DivX
2012-01-04 09:00:55 ----D---- C:\Windows\system32\catroot2
2012-01-03 08:35:24 ----SHD---- C:\System Volume Information
2011-12-28 09:10:07 ----D---- C:\Windows\ModemLogs
2011-12-28 09:03:56 ----D---- C:\Program Files (x86)\CCleaner
2011-12-24 07:06:42 ----RD---- C:\Program Files (x86)
2011-12-24 07:06:42 ----D---- C:\ProgramData\Apple Computer
2011-12-24 07:05:15 ----D---- C:\Windows\winsxs
2011-12-24 07:05:12 ----D---- C:\Windows\system32\DriverStore
2011-12-24 07:05:12 ----D---- C:\Windows\system32\catroot
2011-12-24 07:05:08 ----D---- C:\Program Files\Common Files\Apple
2011-12-23 15:15:46 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2011-12-17 10:32:58 ----D---- C:\Windows\debug
2011-12-15 08:04:20 ----D---- C:\Windows\rescache
2011-12-15 06:59:29 ----D---- C:\Windows\Tasks
2011-12-15 06:59:29 ----D---- C:\Windows\system32\Tasks
2011-12-15 06:59:22 ----D---- C:\Windows\system32\drivers
2011-12-15 06:52:57 ----D---- C:\Windows\SYSWOW64\migration
2011-12-15 06:52:57 ----D---- C:\Windows\SysWOW64
2011-12-15 06:52:57 ----D---- C:\Windows\system32\migration
2011-12-15 06:52:57 ----D---- C:\Program Files\Internet Explorer
2011-12-15 06:52:57 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-14 16:55:51 ----A---- C:\Windows\system32\MRT.exe
2011-12-14 16:54:51 ----D---- C:\Windows\SYSWOW64\en-US
2011-12-14 16:54:51 ----D---- C:\Windows\system32\en-US
2011-12-14 16:40:53 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\aswNdis.sys [2011-02-23 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\Windows\system32\drivers\aswNdis2.sys [2011-11-28 258392]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswFW;avast! TDI Firewall driver; C:\Windows\system32\drivers\aswFW.sys [2011-11-28 140120]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 42328]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 591192]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 304472]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 58712]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-09-18 22784]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 145920]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 43008]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-21 413800]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]
R3 VST64_DPV;VST64_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 VST64HWBS2;VST64HWBS2; C:\Windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-13 48488]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-12-08 934760]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Windows 7 Internet Security 2012 infection.
« Reply #4 on: January 10, 2012, 02:42:17 PM »
Hi, Horton.

You did good but some key information is missing from the RSIT log that is needed for further analysis.  Please download DDS.scr by sUBs and save it to your desktop:  Link
  • Double-Click dds.scr and a command window will appear. This is normal
  • Shortly after, two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both DDS.txt and Attach.txt logs and post in your next reply.

Offline Horton

  • Newbie
  • *
  • Posts: 22
Re: Windows 7 Internet Security 2012 infection.
« Reply #5 on: January 10, 2012, 07:48:39 PM »
Sorry M.R. I thought I had posted these two with the others!!??

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/12/2009 11:26:51 AM
System Uptime: 1/10/2012 3:31:35 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0T287N
Processor: Intel(R) Core(TM)2 Duo CPU     E7400  @ 2.80GHz | Socket 775 | 2800/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 639 GiB total, 582.625 GiB free.
D: is FIXED (NTFS) - 45 GiB total, 40.184 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\NET\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\NET\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP430: 12/9/2011 10:54:46 AM - Windows Update
RP431: 12/10/2011 11:46:29 AM - Removed Apple Mobile Device Support
RP432: 12/13/2011 7:39:28 AM - Windows Update
RP433: 12/14/2011 4:54:24 PM - Windows Update
RP434: 12/15/2011 7:04:25 AM - Revo Uninstaller's restore point - Norton Security Scan
RP435: 12/20/2011 7:05:01 AM - Windows Update
RP436: 12/23/2011 7:09:11 AM - Windows Update
RP437: 12/27/2011 7:23:06 AM - Windows Update
RP438: 12/28/2011 8:02:41 PM - Revo Uninstaller's restore point - WeatherEye
RP439: 1/3/2012 8:35:05 AM - Windows Update
RP440: 1/10/2012 9:09:38 AM - Scheduled Checkpoint
RP441: 1/10/2012 3:02:04 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
ArcSoft MediaConverter 2
ArcSoft PhotoImpression 5
ArcSoft ShowBiz DVD 2
ASUS E-Green Uninstall
Auslogics Disk Defrag
avast! Internet Security
Bing Bar
BufferChm
Copy
CyberLink Power2Go
D3DX10
Destinations
DeviceDiscovery
Digital Video
DivX Setup
DJ_AIO_05_F4400_Software_Min
Driver Detective
F4400
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Java Auto Updater
Java(TM) 6 Update 24
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Junk Mail filter update
Malwarebytes' Anti-Malware
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
OpenOffice.org 3.3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.93
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
ShareIns
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.6195
WeatherEye
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
XVID Codec Installation
.
==== Event Viewer Messages From Past Week ========
.
1/10/2012 3:32:49 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/10/2012 3:32:25 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
1/10/2012 3:32:23 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV SASKUTIL
1/10/2012 3:32:21 PM, Error: Service Control Manager [7003]  - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
1/10/2012 3:32:21 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/10/2012 3:32:21 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_24
Run by Owner at 15:39:18 on 2012-01-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4085.2544 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\taskhost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
svchost.exe
svchost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [NetworkIndicator] C:\Users\Owner\AppData\Local\Temp\Temp2_network-activity-indicator.zip\NetworkIndicator.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe
uRun: [WeatherEye] C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
mRun: [<NO NAME>]
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DE003C9E-1E0B-4AF8-8FDB-5C01421E27A7} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64:     Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
BHO-X64:     ZoneAlarm Toolbar Registrar - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6uvtnpdf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.1.3&locale=en-US&sl=ub&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-3 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-12-3 127192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-29 1153368]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-10 12:35:08   --------   d-----w-   C:\Program Files\trend micro
2012-01-10 11:58:53   --------   d-----w-   C:\Users\Owner\AppData\Local\{25C84B89-AF6C-4430-8435-55C29D6594E8}
2012-01-10 11:58:40   --------   d-----w-   C:\Users\Owner\AppData\Local\{5B140B4B-B4C4-42A7-B1C0-BED22403798A}
2012-01-09 12:36:19   398336   ----a-w-   C:\Users\Owner\AppData\Local\jjw.exe
2012-01-09 12:20:48   --------   d-----w-   C:\Users\Owner\AppData\Local\{DD4F6EAF-CCD8-424D-928C-E8E36A85B300}
2012-01-09 12:20:27   --------   d-----w-   C:\Users\Owner\AppData\Local\{997465D9-80F1-4F42-8589-7CA022BF671E}
2012-01-08 12:31:41   --------   d-----w-   C:\Users\Owner\AppData\Local\{20174A4D-F500-437E-B272-4AE7D150BAC4}
2012-01-08 12:31:28   --------   d-----w-   C:\Users\Owner\AppData\Local\{D6D7CC6D-C54D-4CCF-BF20-7064FEE11889}
2012-01-07 12:29:36   --------   d-----w-   C:\Users\Owner\AppData\Local\{8CDD0F9E-BBE1-4FC9-A65B-616E061AC89C}
2012-01-07 12:29:14   --------   d-----w-   C:\Users\Owner\AppData\Local\{7811681C-811D-4DE4-9CF1-B0D78A4F2CD5}
2012-01-06 12:36:48   8822856   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB7AB340-9AC1-435B-A1E9-DB25011F5FCB}\mpengine.dll
2012-01-06 12:36:34   --------   d-----w-   C:\Users\Owner\AppData\Local\DDMSettings
2012-01-06 12:33:51   --------   d-----w-   C:\Users\Owner\AppData\Local\{AA6435DB-A388-4488-8131-84E2FA7F502C}
2012-01-06 12:33:40   --------   d-----w-   C:\Users\Owner\AppData\Local\{87C6E568-527D-4AF7-BE7D-14011C012348}
2012-01-05 11:48:20   --------   d-----w-   C:\Users\Owner\AppData\Local\{004DD7DD-727A-4BA0-AA7F-1E194E47D697}
2012-01-05 11:48:07   --------   d-----w-   C:\Users\Owner\AppData\Local\{40FEAB25-C975-4F06-8418-94B9ABCCB0FC}
2012-01-04 19:24:35   --------   d-----w-   C:\Users\Owner\AppData\Local\{A78908B2-40A7-4C8C-82B7-BEAE4B3D1670}
2012-01-04 19:24:24   --------   d-----w-   C:\Users\Owner\AppData\Local\{7C72DE1F-60F8-43A7-B0C6-74F16440AB47}
2012-01-03 13:38:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{D9BF48C4-18C4-484E-8863-F04EC9077994}
2012-01-03 13:38:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{5E0CE4E2-808A-4334-9A65-7A52B39A57D3}
2012-01-02 12:46:38   --------   d-----w-   C:\Users\Owner\AppData\Local\{38FFAE0F-48F5-4EA2-991F-8718EB257D90}
2012-01-02 12:46:25   --------   d-----w-   C:\Users\Owner\AppData\Local\{4F0465D4-5D84-4FB3-8D1C-0D72ABC11B8C}
2012-01-01 15:52:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{84E52D3C-FBCD-4847-A619-53E84B63A79B}
2012-01-01 15:52:22   --------   d-----w-   C:\Users\Owner\AppData\Local\{22B612F5-B3C8-4404-9A2D-D56759C1EE6C}
2011-12-31 12:40:11   --------   d-----w-   C:\Users\Owner\AppData\Local\{3365E3F7-9DA1-48F9-B963-AEDC5A2603F1}
2011-12-31 12:39:58   --------   d-----w-   C:\Users\Owner\AppData\Local\{A3438FB9-A2A4-4CA9-A325-F0216697E656}
2011-12-30 12:17:19   --------   d-----w-   C:\Users\Owner\AppData\Local\{61FFA488-87B9-4E51-8A2A-5F084BB1479D}
2011-12-30 12:17:07   --------   d-----w-   C:\Users\Owner\AppData\Local\{F698E831-DDE0-4A5F-9462-D50C2AA27F50}
2011-12-29 12:48:46   --------   d-----w-   C:\Users\Owner\AppData\Local\{C0C4070C-0CFD-40A9-9BD9-CCD27264C013}
2011-12-29 12:48:35   --------   d-----w-   C:\Users\Owner\AppData\Local\{9E8634AA-D3D9-40CF-AE67-0A467B0B4C3E}
2011-12-29 00:38:44   --------   d-----w-   C:\Users\Owner\AppData\Local\{B3142618-35CB-4BC0-8EE5-4A9A877D40E3}
2011-12-29 00:38:32   --------   d-----w-   C:\Users\Owner\AppData\Local\{ADFF7EBA-A9F5-4858-8ADE-BA38CF885172}
2011-12-28 12:11:15   --------   d-----w-   C:\Users\Owner\AppData\Local\{A65DAB44-83D3-4E6C-9224-A5C407E82DB1}
2011-12-28 12:11:03   --------   d-----w-   C:\Users\Owner\AppData\Local\{90514ECC-C343-4137-AE4F-9A450EBE6A71}
2011-12-27 12:22:21   --------   d-----w-   C:\Users\Owner\AppData\Local\{5A6F0CF0-96E3-44AA-B9A0-EF66E3EAE703}
2011-12-27 12:21:51   --------   d-----w-   C:\Users\Owner\AppData\Local\{3CAFAF64-51E0-43EE-A355-1445308B53C6}
2011-12-26 12:25:49   --------   d-----w-   C:\Users\Owner\AppData\Local\{1FC92E92-4CE8-4679-A444-796B7B3FA6A3}
2011-12-26 12:25:29   --------   d-----w-   C:\Users\Owner\AppData\Local\{4EA0BED9-3FDE-42C2-AE22-D062AA132255}
2011-12-25 12:35:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{06F41CD0-DCAA-4BA3-9843-6E42B045327F}
2011-12-25 12:35:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{02625DFC-1F98-4206-99F0-982147C80F1D}
2011-12-24 12:06:43   --------   d-----w-   C:\Program Files\iPod
2011-12-24 12:06:42   --------   d-----w-   C:\Program Files\iTunes
2011-12-24 12:06:42   --------   d-----w-   C:\Program Files (x86)\iTunes
2011-12-24 11:47:14   --------   d-----w-   C:\Users\Owner\AppData\Local\{3E5D0FAD-4D4C-461F-9AC1-02E01928B4D1}
2011-12-24 11:46:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{BC1A453D-C94D-4A66-88DC-B44A540B2F64}
2011-12-23 11:51:19   --------   d-----w-   C:\Users\Owner\AppData\Local\{55932F54-02B6-496D-984F-DFE17F04A765}
2011-12-23 11:51:07   --------   d-----w-   C:\Users\Owner\AppData\Local\{45228775-C592-4C3D-B53D-C52D2A43B2ED}
2011-12-22 06:13:19   --------   d-----w-   C:\Users\Owner\AppData\Local\{5FFB457D-CD72-4585-A785-C6A7987E2149}
2011-12-22 06:13:09   --------   d-----w-   C:\Users\Owner\AppData\Local\{E35BC3F6-7870-45D9-BA5E-A5043443F0FB}
2011-12-21 11:55:18   --------   d-----w-   C:\Users\Owner\AppData\Local\{1E421217-36BB-47EC-82E5-0F19BF09DE90}
2011-12-21 11:55:03   --------   d-----w-   C:\Users\Owner\AppData\Local\{0EB17174-E679-453D-8B5F-E1E2FBC6B263}
2011-12-20 12:06:55   --------   d-----w-   C:\Users\Owner\AppData\Local\{2B1938B9-6D97-4025-AFEA-6FC0FCD5CA15}
2011-12-20 12:06:45   --------   d-----w-   C:\Users\Owner\AppData\Local\{4832F7AE-C25A-483B-B12E-F2911D9EA206}
2011-12-19 13:26:53   --------   d-----w-   C:\Users\Owner\AppData\Local\{829A3F04-098F-405E-A3AE-806D1053719D}
2011-12-19 13:26:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{6CB686C8-F22A-404D-8214-9D5157DD920F}
2011-12-18 12:43:42   --------   d-----w-   C:\Users\Owner\AppData\Local\{06009B7E-7470-4447-A37A-C8F74B5DCD92}
2011-12-18 12:43:30   --------   d-----w-   C:\Users\Owner\AppData\Local\{A607F472-32F6-4FB5-B9C2-3E8E46D72EB2}
2011-12-17 12:00:01   --------   d-----w-   C:\Users\Owner\AppData\Local\{DA0E6FCA-B573-42D5-8092-9DC57469120C}
2011-12-17 11:59:49   --------   d-----w-   C:\Users\Owner\AppData\Local\{C2BFC38A-1D65-4F4F-97AB-F7CBF799CCA4}
2011-12-16 13:35:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{15F1C407-8A03-4D1D-9EF2-FE2E2A8F4211}
2011-12-16 13:35:44   --------   d-----w-   C:\Users\Owner\AppData\Local\{0A1515A0-9989-4B59-8492-902E986861A1}
2011-12-15 12:07:42   --------   d-----w-   C:\Users\Owner\AppData\Local\{8AFF38ED-CF0D-47E3-9E54-4C47E6F51777}
2011-12-15 12:07:32   --------   d-----w-   C:\Users\Owner\AppData\Local\{969B510F-239D-40CD-BFC3-6496679E215D}
2011-12-15 11:59:26   --------   d-----w-   C:\ProgramData\Symantec
2011-12-15 11:59:22   --------   d-----w-   C:\Windows\System32\drivers\NSSx64\0306010.00B
2011-12-15 11:59:22   --------   d-----w-   C:\Windows\System32\drivers\NSSx64
2011-12-15 11:59:21   --------   d-----w-   C:\ProgramData\Norton
2011-12-15 11:59:20   --------   d-----w-   C:\ProgramData\NortonInstaller
2011-12-15 11:59:20   --------   d-----w-   C:\Program Files (x86)\NortonInstaller
2011-12-14 21:46:59   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2011-12-14 21:46:51   3145216   ----a-w-   C:\Windows\System32\win32k.sys
2011-12-14 21:46:43   723456   ----a-w-   C:\Windows\System32\EncDec.dll
2011-12-14 21:46:43   534528   ----a-w-   C:\Windows\SysWow64\EncDec.dll
2011-12-14 21:46:38   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2011-12-14 21:46:38   2048   ----a-w-   C:\Windows\System32\tzres.dll
2011-12-14 11:17:15   --------   d-----w-   C:\Users\Owner\AppData\Local\{E2695C2F-C55B-48F8-9F49-083D377EC627}
2011-12-14 11:17:04   --------   d-----w-   C:\Users\Owner\AppData\Local\{0520B2A0-A5C6-42C3-80A8-0A42FF238C7F}
2011-12-13 13:31:48   --------   d-----w-   C:\Users\Owner\AppData\Local\{5B032F0B-83EE-4FD2-A5B3-216F29B65298}
2011-12-13 13:31:36   --------   d-----w-   C:\Users\Owner\AppData\Local\{3F9B0CFB-D63E-436B-A595-8746402780FB}
2011-12-13 01:20:02   --------   d-----w-   C:\Users\Owner\AppData\Local\{B9FCF95B-D5C5-4256-AC9B-71FC12A05945}
2011-12-13 01:19:50   --------   d-----w-   C:\Users\Owner\AppData\Local\{6FBCB4FB-9DF4-44F6-8990-C3F0EC2DD7D3}
2011-12-12 11:05:06   --------   d-----w-   C:\Users\Owner\AppData\Local\{F00AA1B2-0C8E-4E52-868E-AF60B2775FC1}
2011-12-12 11:04:55   --------   d-----w-   C:\Users\Owner\AppData\Local\{6DB722B6-BBF6-4D9F-8838-DF0173040178}
.
==================== Find3M  ====================
.
2011-11-30 12:35:38   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2011-11-30 12:35:37   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2011-11-28 18:01:25   41184   ----a-w-   C:\Windows\avastSS.scr
2011-11-28 17:54:44   140120   ----a-w-   C:\Windows\System32\drivers\aswFW.sys
2011-11-28 17:54:06   591192   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:53:28   258392   ----a-w-   C:\Windows\System32\drivers\aswNdis2.sys
2011-11-28 17:52:11   66904   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-14 12:22:49   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39   2309120   ----a-w-   C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47   1390080   ----a-w-   C:\Windows\System32\wininet.dll
2011-11-04 01:44:21   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42   1798144   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-10-24 18:29:02   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
2011-10-20 23:26:22   94208   ----a-w-   C:\Windows\SysWow64\dpl100.dll
.
============= FINISH: 15:41:42.13 ===============

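The DDS output above is what the helper reads by hand: the Event Viewer block shows the Base Filtering Engine and Security Center services missing, the Run keys include an executable launched straight out of a zip in Temp, and "Created Last 30" lists a fresh .exe under the user's AppData\Local. As an added example (not part of DDS and not the forum's own procedure), the script below pulls those categories of line out of a DDS log automatically. The choice of which directories count as user-writable and which services matter is the editor's assumption, and the sample lines are copied from the log posted above.

```python
"""Triage a DDS log: pull out the lines an analyst reads first.

Added example for this thread (not part of DDS, and not the forum's own
procedure). The heuristics are the author's assumptions: which directories
count as user-writable, and which Windows services a rogue AV tends to break.
"""
import re

# A standard user can write here, so an autorun or fresh .exe in these
# paths deserves a look; legitimate software normally lives under
# Program Files. Assumed list; paths are lower-cased before matching.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")

# Services that matter for defence when the Event Viewer section reports
# them missing: BFE (Base Filtering Engine, needed by the firewall and
# IPsec) and wscsvc (Security Center). Assumed set.
SECURITY_SERVICES = {"bfe", "wscsvc"}

RUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[[^\]]*\]\s*(?P<cmd>.*)$")
EVENT_RE = re.compile(r"depends the following service: (?P<svc>\w+)")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+\S+\s+(?P<path>.+)$"
)


def triage(lines):
    """Return (category, line) pairs for the lines worth a second look."""
    findings = []
    for raw in lines:
        line = raw.rstrip()

        m = RUN_RE.match(line)
        if m:  # Run-key autoruns: flag commands living in user-writable paths
            if any(d in m.group("cmd").lower() for d in USER_WRITABLE):
                findings.append(("autorun-user-writable", line))
            continue

        m = EVENT_RE.search(line)
        if m:  # Service Control Manager 7003: a dependency is not installed
            if m.group("svc").lower() in SECURITY_SERVICES:
                findings.append(("security-service-missing", line))
            continue

        if line.lower().endswith("- no file"):  # BHO/TB entry whose DLL is gone
            findings.append(("orphaned-entry", line))
            continue

        m = CREATED_RE.match(line)
        if m:  # "Created Last 30": new executables in user-writable paths
            path = m.group("path").lower()
            if path.endswith(".exe") and any(d in path for d in USER_WRITABLE):
                findings.append(("new-exe-user-writable", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


# Sample input: a handful of lines copied from the DDS log posted in this thread.
SAMPLE = [
    "1/10/2012 3:32:21 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.",
    "1/10/2012 3:32:21 PM, Error: Service Control Manager [7003]  - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.",
    r"uRun: [NetworkIndicator] C:\Users\Owner\AppData\Local\Temp\Temp2_network-activity-indicator.zip\NetworkIndicator.exe",
    r"uRun: [WeatherEye] C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe",
    r'mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui',
    "BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File",
    "2012-01-09 12:36:19   398336   ----a-w-   " + r"C:\Users\Owner\AppData\Local\jjw.exe",
    "2011-12-24 12:06:42   --------   d-----w-   " + r"C:\Program Files (x86)\iTunes",
]

if __name__ == "__main__":
    for category, line in triage(SAMPLE):
        print(f"{category:26} {line}")
    print(summarize(triage(SAMPLE)))
```

Run against the full DDS.txt by reading it line by line into `triage`. A flagged line is a lead, not a verdict: an autorun under AppData is where both the rogue and the user's weather widget live, so each hit still has to be checked against what the owner says they installed.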
Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Windows 7 Internet Security 2012 infection.
« Reply #6 on: January 10, 2012, 10:13:18 PM »
Hi, Horton.

1)  Please download the following two files.  In the event you are blocked by the malware from downloading, it will be necessary to go to an uninfected computer and then transfer the files to the infected computer via CD/DVD, external drive, or USB flash drive.

FixNCR.reg
Bleeping Computer Downloads: RKill

2)  Insert the removable device into the infected computer and open the folder for the drive letter associated with it. Double-click the FixNCR.reg file to fix the Registry on your infected computer.

3)  Copy the downloaded RKill file to the desktop of the infected computer.
  • Double-click rkill to run.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave rkill on the Desktop until otherwise advised.
  • Do NOT restart your computer after running rkill as the malware program(s) will start again.
Note:  If you receive security warnings about rkill, please ignore them and allow the download to continue.

4) Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. ektfhtw.com).
    If you don't see file extensions, please see:  How to change the file extension.
  • Click the Start Scan button.  Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

5)  Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please provide copies of both the TDSSKiller and MBAM logs with your next reply along with a fresh DDS log. 

Thank you.
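
Step 2 of the reply above (import FixNCR.reg) comes before step 3 (rkill) for a reason the post does not spell out: this kind of rogue commonly hijacks the .exe file association, so that every program the user double-clicks runs the rogue first, which is also why rkill itself may need a .com name. As an added example (it is not the contents of FixNCR.reg, and not part of the forum's procedure), the check below reads the effective .exe association on the machine and reports anything that differs from the clean Windows default. The registry paths and the expected default command are standard Windows values; the pass/fail rules are the editor's.

```python
r"""Check the .exe file association that a FixNCR.reg import repairs.

Added example for this thread: it is not the contents of FixNCR.reg and not
part of the forum's procedure. Rogue antivirus families commonly hijack the
.exe association (a per-user HKCU\Software\Classes\.exe key pointing at a
ProgID whose open command launches the rogue first), which is why "programs
stop working" and why rkill has to run before any other tool. The registry
paths and the clean default command are standard Windows values; the
judgement rules below are the author's.
"""
import sys

# On a clean Windows 7 machine HKCR\.exe maps to ProgID "exefile" and
# HKCR\exefile\shell\open\command is "%1" %* (run the file, pass arguments).
EXPECTED_PROGID = "exefile"
EXPECTED_COMMAND = '"%1" %*'


def judge_association(progid, command, user_override):
    """Return a list of problems for one observed .exe association.

    progid        -- (Default) value of HKCR\\.exe
    command       -- (Default) value of HKCR\\<progid>\\shell\\open\\command
    user_override -- True if HKCU\\Software\\Classes\\.exe exists; that
                     per-user key shadows the machine-wide HKLM value and is
                     not present on a clean install
    """
    problems = []
    if user_override:
        problems.append("per-user .exe override present under HKCU\\Software\\Classes")
    if progid.strip().lower() != EXPECTED_PROGID:
        problems.append(f".exe maps to ProgID {progid!r}, expected {EXPECTED_PROGID!r}")
    if " ".join(command.split()) != EXPECTED_COMMAND:  # tolerate extra whitespace only
        problems.append(f"open command is {command!r}, expected {EXPECTED_COMMAND!r}")
    return problems


def read_live_association():
    """Read the three facts from the live registry (Windows only)."""
    import winreg  # Windows-only module, imported here so the judge runs anywhere
    # HKCR is the merged view of HKLM\Software\Classes and HKCU\Software\Classes,
    # so these two reads give the association Explorer actually uses.
    progid = winreg.QueryValue(winreg.HKEY_CLASSES_ROOT, ".exe")
    command = winreg.QueryValue(winreg.HKEY_CLASSES_ROOT, progid + r"\shell\open\command")
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Classes\.exe"):
            user_override = True
    except OSError:
        user_override = False
    return progid, command, user_override


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the Windows machine being cleaned")
    problems = judge_association(*read_live_association())
    print("\n".join(problems) if problems else ".exe association looks clean")
```

Run it as the infected user account, since the per-user override lives in that account's hive; a clean result after the .reg import, and a fresh "No File" sweep of the Run keys, is the check that the association repair actually took before moving on to the scanners.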

Offline Horton

  • Newbie
  • Posts: 22
Re: Windows 7 Internet Security 2012 infection.
« Reply #7 on: January 10, 2012, 11:31:20 PM »
M.S., here you are; let's hope I did it correctly and the information you need is there.

Just as an aside to this, when I turned the computer on after posting the first logs this afternoon there was no sign of Windows 7 Internet Security 2012 on the computer and all the programs worked again with a left click. The tools had returned to the Toolbar; they had all disappeared when I turned on the machine this morning. No phony boxes appeared on the screen with their warnings of doom and disaster.
I didn't know if the infection was gone or if it was lurking in some dark corner ready to pop up again.  Anyway it all looks good at the moment.........????? :o

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/12/2009 11:26:51 AM
System Uptime: 1/9/2012 2:42:08 PM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0T287N
Processor: Intel(R) Core(TM)2 Duo CPU     E7400  @ 2.80GHz | Socket 775 | 2800/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 639 GiB total, 581.217 GiB free.
D: is FIXED (NTFS) - 45 GiB total, 40.184 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\NET\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\NET\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP428: 12/2/2011 8:28:51 AM - Windows Update
RP429: 12/6/2011 8:25:54 AM - Windows Update
RP430: 12/9/2011 10:54:46 AM - Windows Update
RP431: 12/10/2011 11:46:29 AM - Removed Apple Mobile Device Support
RP432: 12/13/2011 7:39:28 AM - Windows Update
RP433: 12/14/2011 4:54:24 PM - Windows Update
RP434: 12/15/2011 7:04:25 AM - Revo Uninstaller's restore point - Norton Security Scan
RP435: 12/20/2011 7:05:01 AM - Windows Update
RP436: 12/23/2011 7:09:11 AM - Windows Update
RP437: 12/27/2011 7:23:06 AM - Windows Update
RP438: 12/28/2011 8:02:41 PM - Revo Uninstaller's restore point - WeatherEye
RP439: 1/3/2012 8:35:05 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
ArcSoft MediaConverter 2
ArcSoft PhotoImpression 5
ArcSoft ShowBiz DVD 2
ASUS E-Green Uninstall
Auslogics Disk Defrag
avast! Internet Security
Bing Bar
BufferChm
Copy
CyberLink Power2Go
D3DX10
Destinations
DeviceDiscovery
Digital Video
DivX Setup
DJ_AIO_05_F4400_Software_Min
Driver Detective
F4400
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Java Auto Updater
Java(TM) 6 Update 24
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Junk Mail filter update
Malwarebytes' Anti-Malware
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
OpenOffice.org 3.3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.93
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
ShareIns
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.6195
WeatherEye
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
XVID Codec Installation
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 2:43:11 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/9/2012 2:42:56 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV SASKUTIL
1/9/2012 2:42:52 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
1/9/2012 2:42:51 PM, Error: Service Control Manager [7003]  - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
1/9/2012 2:42:51 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/9/2012 2:42:51 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_24
Run by Owner at 16:12:20 on 2012-01-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4085.2521 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Owner\AppData\Local\wpd.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [NetworkIndicator] C:\Users\Owner\AppData\Local\Temp\Temp2_network-activity-indicator.zip\NetworkIndicator.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe
uRun: [WeatherEye] C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
mRun: [<NO NAME>]
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DE003C9E-1E0B-4AF8-8FDB-5C01421E27A7} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64:     Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
BHO-X64:     ZoneAlarm Toolbar Registrar - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6uvtnpdf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.1.3&locale=en-US&sl=ub&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-3 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-12-3 127192]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-29 1153368]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.exe=Y47
.
=============== Created Last 30 ================
.
2012-01-09 12:36:19   398336   ----a-w-   C:\Users\Owner\AppData\Local\jjw.exe
2012-01-09 12:20:48   --------   d-----w-   C:\Users\Owner\AppData\Local\{DD4F6EAF-CCD8-424D-928C-E8E36A85B300}
2012-01-09 12:20:27   --------   d-----w-   C:\Users\Owner\AppData\Local\{997465D9-80F1-4F42-8589-7CA022BF671E}
2012-01-08 12:31:41   --------   d-----w-   C:\Users\Owner\AppData\Local\{20174A4D-F500-437E-B272-4AE7D150BAC4}
2012-01-08 12:31:28   --------   d-----w-   C:\Users\Owner\AppData\Local\{D6D7CC6D-C54D-4CCF-BF20-7064FEE11889}
2012-01-07 12:29:36   --------   d-----w-   C:\Users\Owner\AppData\Local\{8CDD0F9E-BBE1-4FC9-A65B-616E061AC89C}
2012-01-07 12:29:14   --------   d-----w-   C:\Users\Owner\AppData\Local\{7811681C-811D-4DE4-9CF1-B0D78A4F2CD5}
2012-01-06 12:36:48   8822856   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB7AB340-9AC1-435B-A1E9-DB25011F5FCB}\mpengine.dll
2012-01-06 12:36:34   --------   d-----w-   C:\Users\Owner\AppData\Local\DDMSettings
2012-01-06 12:33:51   --------   d-----w-   C:\Users\Owner\AppData\Local\{AA6435DB-A388-4488-8131-84E2FA7F502C}
2012-01-06 12:33:40   --------   d-----w-   C:\Users\Owner\AppData\Local\{87C6E568-527D-4AF7-BE7D-14011C012348}
2012-01-05 11:48:20   --------   d-----w-   C:\Users\Owner\AppData\Local\{004DD7DD-727A-4BA0-AA7F-1E194E47D697}
2012-01-05 11:48:07   --------   d-----w-   C:\Users\Owner\AppData\Local\{40FEAB25-C975-4F06-8418-94B9ABCCB0FC}
2012-01-04 19:24:35   --------   d-----w-   C:\Users\Owner\AppData\Local\{A78908B2-40A7-4C8C-82B7-BEAE4B3D1670}
2012-01-04 19:24:24   --------   d-----w-   C:\Users\Owner\AppData\Local\{7C72DE1F-60F8-43A7-B0C6-74F16440AB47}
2012-01-03 13:38:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{D9BF48C4-18C4-484E-8863-F04EC9077994}
2012-01-03 13:38:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{5E0CE4E2-808A-4334-9A65-7A52B39A57D3}
2012-01-02 12:46:38   --------   d-----w-   C:\Users\Owner\AppData\Local\{38FFAE0F-48F5-4EA2-991F-8718EB257D90}
2012-01-02 12:46:25   --------   d-----w-   C:\Users\Owner\AppData\Local\{4F0465D4-5D84-4FB3-8D1C-0D72ABC11B8C}
2012-01-01 15:52:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{84E52D3C-FBCD-4847-A619-53E84B63A79B}
2012-01-01 15:52:22   --------   d-----w-   C:\Users\Owner\AppData\Local\{22B612F5-B3C8-4404-9A2D-D56759C1EE6C}
2011-12-31 12:40:11   --------   d-----w-   C:\Users\Owner\AppData\Local\{3365E3F7-9DA1-48F9-B963-AEDC5A2603F1}
2011-12-31 12:39:58   --------   d-----w-   C:\Users\Owner\AppData\Local\{A3438FB9-A2A4-4CA9-A325-F0216697E656}
2011-12-30 12:17:19   --------   d-----w-   C:\Users\Owner\AppData\Local\{61FFA488-87B9-4E51-8A2A-5F084BB1479D}
2011-12-30 12:17:07   --------   d-----w-   C:\Users\Owner\AppData\Local\{F698E831-DDE0-4A5F-9462-D50C2AA27F50}
2011-12-29 12:48:46   --------   d-----w-   C:\Users\Owner\AppData\Local\{C0C4070C-0CFD-40A9-9BD9-CCD27264C013}
2011-12-29 12:48:35   --------   d-----w-   C:\Users\Owner\AppData\Local\{9E8634AA-D3D9-40CF-AE67-0A467B0B4C3E}
2011-12-29 00:38:44   --------   d-----w-   C:\Users\Owner\AppData\Local\{B3142618-35CB-4BC0-8EE5-4A9A877D40E3}
2011-12-29 00:38:32   --------   d-----w-   C:\Users\Owner\AppData\Local\{ADFF7EBA-A9F5-4858-8ADE-BA38CF885172}
2011-12-28 12:11:15   --------   d-----w-   C:\Users\Owner\AppData\Local\{A65DAB44-83D3-4E6C-9224-A5C407E82DB1}
2011-12-28 12:11:03   --------   d-----w-   C:\Users\Owner\AppData\Local\{90514ECC-C343-4137-AE4F-9A450EBE6A71}
2011-12-27 12:22:21   --------   d-----w-   C:\Users\Owner\AppData\Local\{5A6F0CF0-96E3-44AA-B9A0-EF66E3EAE703}
2011-12-27 12:21:51   --------   d-----w-   C:\Users\Owner\AppData\Local\{3CAFAF64-51E0-43EE-A355-1445308B53C6}
2011-12-26 12:25:49   --------   d-----w-   C:\Users\Owner\AppData\Local\{1FC92E92-4CE8-4679-A444-796B7B3FA6A3}
2011-12-26 12:25:29   --------   d-----w-   C:\Users\Owner\AppData\Local\{4EA0BED9-3FDE-42C2-AE22-D062AA132255}
2011-12-25 12:35:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{06F41CD0-DCAA-4BA3-9843-6E42B045327F}
2011-12-25 12:35:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{02625DFC-1F98-4206-99F0-982147C80F1D}
2011-12-24 12:06:43   --------   d-----w-   C:\Program Files\iPod
2011-12-24 12:06:42   --------   d-----w-   C:\Program Files\iTunes
2011-12-24 12:06:42   --------   d-----w-   C:\Program Files (x86)\iTunes
2011-12-24 11:47:14   --------   d-----w-   C:\Users\Owner\AppData\Local\{3E5D0FAD-4D4C-461F-9AC1-02E01928B4D1}
2011-12-24 11:46:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{BC1A453D-C94D-4A66-88DC-B44A540B2F64}
2011-12-23 11:51:19   --------   d-----w-   C:\Users\Owner\AppData\Local\{55932F54-02B6-496D-984F-DFE17F04A765}
2011-12-23 11:51:07   --------   d-----w-   C:\Users\Owner\AppData\Local\{45228775-C592-4C3D-B53D-C52D2A43B2ED}
2011-12-22 06:13:19   --------   d-----w-   C:\Users\Owner\AppData\Local\{5FFB457D-CD72-4585-A785-C6A7987E2149}
2011-12-22 06:13:09   --------   d-----w-   C:\Users\Owner\AppData\Local\{E35BC3F6-7870-45D9-BA5E-A5043443F0FB}
2011-12-21 11:55:18   --------   d-----w-   C:\Users\Owner\AppData\Local\{1E421217-36BB-47EC-82E5-0F19BF09DE90}
2011-12-21 11:55:03   --------   d-----w-   C:\Users\Owner\AppData\Local\{0EB17174-E679-453D-8B5F-E1E2FBC6B263}
2011-12-20 12:06:55   --------   d-----w-   C:\Users\Owner\AppData\Local\{2B1938B9-6D97-4025-AFEA-6FC0FCD5CA15}
2011-12-20 12:06:45   --------   d-----w-   C:\Users\Owner\AppData\Local\{4832F7AE-C25A-483B-B12E-F2911D9EA206}
2011-12-19 13:26:53   --------   d-----w-   C:\Users\Owner\AppData\Local\{829A3F04-098F-405E-A3AE-806D1053719D}
2011-12-19 13:26:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{6CB686C8-F22A-404D-8214-9D5157DD920F}
2011-12-18 12:43:42   --------   d-----w-   C:\Users\Owner\AppData\Local\{06009B7E-7470-4447-A37A-C8F74B5DCD92}
2011-12-18 12:43:30   --------   d-----w-   C:\Users\Owner\AppData\Local\{A607F472-32F6-4FB5-B9C2-3E8E46D72EB2}
2011-12-17 12:00:01   --------   d-----w-   C:\Users\Owner\AppData\Local\{DA0E6FCA-B573-42D5-8092-9DC57469120C}
2011-12-17 11:59:49   --------   d-----w-   C:\Users\Owner\AppData\Local\{C2BFC38A-1D65-4F4F-97AB-F7CBF799CCA4}
2011-12-16 13:35:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{15F1C407-8A03-4D1D-9EF2-FE2E2A8F4211}
2011-12-16 13:35:44   --------   d-----w-   C:\Users\Owner\AppData\Local\{0A1515A0-9989-4B59-8492-902E986861A1}
2011-12-15 12:07:42   --------   d-----w-   C:\Users\Owner\AppData\Local\{8AFF38ED-CF0D-47E3-9E54-4C47E6F51777}
2011-12-15 12:07:32   --------   d-----w-   C:\Users\Owner\AppData\Local\{969B510F-239D-40CD-BFC3-6496679E215D}
2011-12-15 11:59:26   --------   d-----w-   C:\ProgramData\Symantec
2011-12-15 11:59:22   --------   d-----w-   C:\Windows\System32\drivers\NSSx64\0306010.00B
2011-12-15 11:59:22   --------   d-----w-   C:\Windows\System32\drivers\NSSx64
2011-12-15 11:59:21   --------   d-----w-   C:\ProgramData\Norton
2011-12-15 11:59:20   --------   d-----w-   C:\ProgramData\NortonInstaller
2011-12-15 11:59:20   --------   d-----w-   C:\Program Files (x86)\NortonInstaller
2011-12-14 21:46:59   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2011-12-14 21:46:51   3145216   ----a-w-   C:\Windows\System32\win32k.sys
2011-12-14 21:46:43   723456   ----a-w-   C:\Windows\System32\EncDec.dll
2011-12-14 21:46:43   534528   ----a-w-   C:\Windows\SysWow64\EncDec.dll
2011-12-14 21:46:38   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2011-12-14 21:46:38   2048   ----a-w-   C:\Windows\System32\tzres.dll
2011-12-14 11:17:15   --------   d-----w-   C:\Users\Owner\AppData\Local\{E2695C2F-C55B-48F8-9F49-083D377EC627}
2011-12-14 11:17:04   --------   d-----w-   C:\Users\Owner\AppData\Local\{0520B2A0-A5C6-42C3-80A8-0A42FF238C7F}
2011-12-13 13:31:48   --------   d-----w-   C:\Users\Owner\AppData\Local\{5B032F0B-83EE-4FD2-A5B3-216F29B65298}
2011-12-13 13:31:36   --------   d-----w-   C:\Users\Owner\AppData\Local\{3F9B0CFB-D63E-436B-A595-8746402780FB}
2011-12-13 01:20:02   --------   d-----w-   C:\Users\Owner\AppData\Local\{B9FCF95B-D5C5-4256-AC9B-71FC12A05945}
2011-12-13 01:19:50   --------   d-----w-   C:\Users\Owner\AppData\Local\{6FBCB4FB-9DF4-44F6-8990-C3F0EC2DD7D3}
2011-12-12 11:05:06   --------   d-----w-   C:\Users\Owner\AppData\Local\{F00AA1B2-0C8E-4E52-868E-AF60B2775FC1}
2011-12-12 11:04:55   --------   d-----w-   C:\Users\Owner\AppData\Local\{6DB722B6-BBF6-4D9F-8838-DF0173040178}
2011-12-11 12:17:55   --------   d-----w-   C:\Users\Owner\AppData\Local\{60421197-A0A4-4A02-9B27-FE7E1C0BA838}
2011-12-11 12:17:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{86E18B70-0974-44FC-9F7F-280B6080C1E1}
.
==================== Find3M  ====================
.
2011-11-30 12:35:38   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2011-11-30 12:35:37   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2011-11-28 18:01:25   41184   ----a-w-   C:\Windows\avastSS.scr
2011-11-28 17:54:44   140120   ----a-w-   C:\Windows\System32\drivers\aswFW.sys
2011-11-28 17:54:06   591192   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:53:28   258392   ----a-w-   C:\Windows\System32\drivers\aswNdis2.sys
2011-11-28 17:52:11   66904   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-14 12:22:49   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39   2309120   ----a-w-   C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47   1390080   ----a-w-   C:\Windows\System32\wininet.dll
2011-11-04 01:44:21   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42   1798144   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-10-24 18:29:02   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
2011-10-20 23:26:22   94208   ----a-w-   C:\Windows\SysWow64\dpl100.dll
.
============= FINISH: 16:14:45.99 ===============

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

1/10/2012 7:12:12 PM
mbam-log-2012-01-10 (19-12-12).txt

Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 0
Time elapsed: 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Offline Corrine

Re: Windows 7 Internet Security 2012 infection.
« Reply #8 on: January 11, 2012, 01:15:01 AM »
Hi, Horton.

Did you use System Restore or run any security programs?  Rogues such as the name-changing Win 7 Antivirus 2012 do not disappear overnight.

The DDS log you posted was from yesterday.  Did you run TDSS Killer?

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_24
Run by Owner at 16:12:20 on 2012-01-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4085.2521 [GMT -5:00]

Offline winchester73

  • Administrator
  • Hero Member
  • *****
  • Posts: 5123
  • Half a bubble off plumb
Re: Windows 7 Internet Security 2012 infection.
« Reply #9 on: January 11, 2012, 01:53:03 AM »
Unless Horton edited the post immediately ... that second paragraph wasn't there when I first read the reply, unless my eyes deceived me ...
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member



Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Windows 7 Internet Security 2012 infection.
« Reply #10 on: January 11, 2012, 02:18:29 AM »
Don't know, but all those unknown CLSIDs in Local Data are why I wanted to see a fresh DDS log.  I don't need the attach log this time though, Horton.

Offline Horton

  • Newbie
  • *
  • Posts: 22
Re: Windows 7 Internet Security 2012 infection.
« Reply #11 on: January 11, 2012, 03:33:29 AM »
M.R., the latest DDS report(s) enclosed.
I have not run any scans, security programs or System Restore since first seeing the infection! I did not want to screw anything up, so I posted to the GW Computer Forum right away requesting assistance and was advised to come over to LandzDown.

I did run the TDSS Killer only after reading your instructions today (I guess yesterday now). It did not find anything, so there was nothing to report.

I still cannot believe that rogue program, as you call it, has just upped and gone of its own accord, but there is definitely no sign of it at present???

Here are the log reports done five minutes ago.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/12/2009 11:26:51 AM
System Uptime: 1/10/2012 10:58:19 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0T287N
Processor: Intel(R) Core(TM)2 Duo CPU     E7400  @ 2.80GHz | Socket 775 | 2800/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 639 GiB total, 582.214 GiB free.
D: is FIXED (NTFS) - 45 GiB total, 40.184 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\NET\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\NET\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP430: 12/9/2011 10:54:46 AM - Windows Update
RP431: 12/10/2011 11:46:29 AM - Removed Apple Mobile Device Support
RP432: 12/13/2011 7:39:28 AM - Windows Update
RP433: 12/14/2011 4:54:24 PM - Windows Update
RP434: 12/15/2011 7:04:25 AM - Revo Uninstaller's restore point - Norton Security Scan
RP435: 12/20/2011 7:05:01 AM - Windows Update
RP436: 12/23/2011 7:09:11 AM - Windows Update
RP437: 12/27/2011 7:23:06 AM - Windows Update
RP438: 12/28/2011 8:02:41 PM - Revo Uninstaller's restore point - WeatherEye
RP439: 1/3/2012 8:35:05 AM - Windows Update
RP440: 1/10/2012 9:09:38 AM - Scheduled Checkpoint
RP441: 1/10/2012 3:02:04 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
ArcSoft MediaConverter 2
ArcSoft PhotoImpression 5
ArcSoft ShowBiz DVD 2
ASUS E-Green Uninstall
Auslogics Disk Defrag
avast! Internet Security
Bing Bar
BufferChm
Copy
CyberLink Power2Go
D3DX10
Destinations
DeviceDiscovery
Digital Video
DivX Setup
DJ_AIO_05_F4400_Software_Min
Driver Detective
F4400
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Java Auto Updater
Java(TM) 6 Update 24
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
OpenOffice.org 3.3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.93
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
ShareIns
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.6195
WeatherEye
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
XVID Codec Installation
.
==== Event Viewer Messages From Past Week ========
.
1/10/2012 10:59:04 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/10/2012 10:58:56 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV SASKUTIL
1/10/2012 10:58:56 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
1/10/2012 10:58:53 PM, Error: Service Control Manager [7003]  - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
1/10/2012 10:58:53 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/10/2012 10:58:53 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_24
Run by Owner at 23:14:24 on 2012-01-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4085.2719 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\taskhost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
svchost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [NetworkIndicator] C:\Users\Owner\AppData\Local\Temp\Temp2_network-activity-indicator.zip\NetworkIndicator.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe
uRun: [WeatherEye] C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
mRun: [<NO NAME>]
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DE003C9E-1E0B-4AF8-8FDB-5C01421E27A7} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64:     Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
BHO-X64:     ZoneAlarm Toolbar Registrar - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6uvtnpdf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.1.3&locale=en-US&sl=ub&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-3 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-12-3 127192]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-29 1153368]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-10 21:09:17   737072   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-01-10 12:35:08   --------   d-----w-   C:\Program Files\trend micro
2012-01-10 11:58:53   --------   d-----w-   C:\Users\Owner\AppData\Local\{25C84B89-AF6C-4430-8435-55C29D6594E8}
2012-01-10 11:58:40   --------   d-----w-   C:\Users\Owner\AppData\Local\{5B140B4B-B4C4-42A7-B1C0-BED22403798A}
2012-01-09 12:20:48   --------   d-----w-   C:\Users\Owner\AppData\Local\{DD4F6EAF-CCD8-424D-928C-E8E36A85B300}
2012-01-09 12:20:27   --------   d-----w-   C:\Users\Owner\AppData\Local\{997465D9-80F1-4F42-8589-7CA022BF671E}
2012-01-08 12:31:41   --------   d-----w-   C:\Users\Owner\AppData\Local\{20174A4D-F500-437E-B272-4AE7D150BAC4}
2012-01-08 12:31:28   --------   d-----w-   C:\Users\Owner\AppData\Local\{D6D7CC6D-C54D-4CCF-BF20-7064FEE11889}
2012-01-07 12:29:36   --------   d-----w-   C:\Users\Owner\AppData\Local\{8CDD0F9E-BBE1-4FC9-A65B-616E061AC89C}
2012-01-07 12:29:14   --------   d-----w-   C:\Users\Owner\AppData\Local\{7811681C-811D-4DE4-9CF1-B0D78A4F2CD5}
2012-01-06 12:36:48   8822856   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB7AB340-9AC1-435B-A1E9-DB25011F5FCB}\mpengine.dll
2012-01-06 12:36:34   --------   d-----w-   C:\Users\Owner\AppData\Local\DDMSettings
2012-01-06 12:33:51   --------   d-----w-   C:\Users\Owner\AppData\Local\{AA6435DB-A388-4488-8131-84E2FA7F502C}
2012-01-06 12:33:40   --------   d-----w-   C:\Users\Owner\AppData\Local\{87C6E568-527D-4AF7-BE7D-14011C012348}
2012-01-05 11:48:20   --------   d-----w-   C:\Users\Owner\AppData\Local\{004DD7DD-727A-4BA0-AA7F-1E194E47D697}
2012-01-05 11:48:07   --------   d-----w-   C:\Users\Owner\AppData\Local\{40FEAB25-C975-4F06-8418-94B9ABCCB0FC}
2012-01-04 19:24:35   --------   d-----w-   C:\Users\Owner\AppData\Local\{A78908B2-40A7-4C8C-82B7-BEAE4B3D1670}
2012-01-04 19:24:24   --------   d-----w-   C:\Users\Owner\AppData\Local\{7C72DE1F-60F8-43A7-B0C6-74F16440AB47}
2012-01-03 13:38:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{D9BF48C4-18C4-484E-8863-F04EC9077994}
2012-01-03 13:38:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{5E0CE4E2-808A-4334-9A65-7A52B39A57D3}
2012-01-02 12:46:38   --------   d-----w-   C:\Users\Owner\AppData\Local\{38FFAE0F-48F5-4EA2-991F-8718EB257D90}
2012-01-02 12:46:25   --------   d-----w-   C:\Users\Owner\AppData\Local\{4F0465D4-5D84-4FB3-8D1C-0D72ABC11B8C}
2012-01-01 15:52:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{84E52D3C-FBCD-4847-A619-53E84B63A79B}
2012-01-01 15:52:22   --------   d-----w-   C:\Users\Owner\AppData\Local\{22B612F5-B3C8-4404-9A2D-D56759C1EE6C}
2011-12-31 12:40:11   --------   d-----w-   C:\Users\Owner\AppData\Local\{3365E3F7-9DA1-48F9-B963-AEDC5A2603F1}
2011-12-31 12:39:58   --------   d-----w-   C:\Users\Owner\AppData\Local\{A3438FB9-A2A4-4CA9-A325-F0216697E656}
2011-12-30 12:17:19   --------   d-----w-   C:\Users\Owner\AppData\Local\{61FFA488-87B9-4E51-8A2A-5F084BB1479D}
2011-12-30 12:17:07   --------   d-----w-   C:\Users\Owner\AppData\Local\{F698E831-DDE0-4A5F-9462-D50C2AA27F50}
2011-12-29 12:48:46   --------   d-----w-   C:\Users\Owner\AppData\Local\{C0C4070C-0CFD-40A9-9BD9-CCD27264C013}
2011-12-29 12:48:35   --------   d-----w-   C:\Users\Owner\AppData\Local\{9E8634AA-D3D9-40CF-AE67-0A467B0B4C3E}
2011-12-29 00:38:44   --------   d-----w-   C:\Users\Owner\AppData\Local\{B3142618-35CB-4BC0-8EE5-4A9A877D40E3}
2011-12-29 00:38:32   --------   d-----w-   C:\Users\Owner\AppData\Local\{ADFF7EBA-A9F5-4858-8ADE-BA38CF885172}
2011-12-28 12:11:15   --------   d-----w-   C:\Users\Owner\AppData\Local\{A65DAB44-83D3-4E6C-9224-A5C407E82DB1}
2011-12-28 12:11:03   --------   d-----w-   C:\Users\Owner\AppData\Local\{90514ECC-C343-4137-AE4F-9A450EBE6A71}
2011-12-27 12:22:21   --------   d-----w-   C:\Users\Owner\AppData\Local\{5A6F0CF0-96E3-44AA-B9A0-EF66E3EAE703}
2011-12-27 12:21:51   --------   d-----w-   C:\Users\Owner\AppData\Local\{3CAFAF64-51E0-43EE-A355-1445308B53C6}
2011-12-26 12:25:49   --------   d-----w-   C:\Users\Owner\AppData\Local\{1FC92E92-4CE8-4679-A444-796B7B3FA6A3}
2011-12-26 12:25:29   --------   d-----w-   C:\Users\Owner\AppData\Local\{4EA0BED9-3FDE-42C2-AE22-D062AA132255}
2011-12-25 12:35:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{06F41CD0-DCAA-4BA3-9843-6E42B045327F}
2011-12-25 12:35:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{02625DFC-1F98-4206-99F0-982147C80F1D}
2011-12-24 12:06:43   --------   d-----w-   C:\Program Files\iPod
2011-12-24 12:06:42   --------   d-----w-   C:\Program Files\iTunes
2011-12-24 12:06:42   --------   d-----w-   C:\Program Files (x86)\iTunes
2011-12-24 11:47:14   --------   d-----w-   C:\Users\Owner\AppData\Local\{3E5D0FAD-4D4C-461F-9AC1-02E01928B4D1}
2011-12-24 11:46:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{BC1A453D-C94D-4A66-88DC-B44A540B2F64}
2011-12-23 11:51:19   --------   d-----w-   C:\Users\Owner\AppData\Local\{55932F54-02B6-496D-984F-DFE17F04A765}
2011-12-23 11:51:07   --------   d-----w-   C:\Users\Owner\AppData\Local\{45228775-C592-4C3D-B53D-C52D2A43B2ED}
2011-12-22 06:13:19   --------   d-----w-   C:\Users\Owner\AppData\Local\{5FFB457D-CD72-4585-A785-C6A7987E2149}
2011-12-22 06:13:09   --------   d-----w-   C:\Users\Owner\AppData\Local\{E35BC3F6-7870-45D9-BA5E-A5043443F0FB}
2011-12-21 11:55:18   --------   d-----w-   C:\Users\Owner\AppData\Local\{1E421217-36BB-47EC-82E5-0F19BF09DE90}
2011-12-21 11:55:03   --------   d-----w-   C:\Users\Owner\AppData\Local\{0EB17174-E679-453D-8B5F-E1E2FBC6B263}
2011-12-20 12:06:55   --------   d-----w-   C:\Users\Owner\AppData\Local\{2B1938B9-6D97-4025-AFEA-6FC0FCD5CA15}
2011-12-20 12:06:45   --------   d-----w-   C:\Users\Owner\AppData\Local\{4832F7AE-C25A-483B-B12E-F2911D9EA206}
2011-12-19 13:26:53   --------   d-----w-   C:\Users\Owner\AppData\Local\{829A3F04-098F-405E-A3AE-806D1053719D}
2011-12-19 13:26:43   --------   d-----w-   C:\Users\Owner\AppData\Local\{6CB686C8-F22A-404D-8214-9D5157DD920F}
2011-12-18 12:43:42   --------   d-----w-   C:\Users\Owner\AppData\Local\{06009B7E-7470-4447-A37A-C8F74B5DCD92}
2011-12-18 12:43:30   --------   d-----w-   C:\Users\Owner\AppData\Local\{A607F472-32F6-4FB5-B9C2-3E8E46D72EB2}
2011-12-17 12:00:01   --------   d-----w-   C:\Users\Owner\AppData\Local\{DA0E6FCA-B573-42D5-8092-9DC57469120C}
2011-12-17 11:59:49   --------   d-----w-   C:\Users\Owner\AppData\Local\{C2BFC38A-1D65-4F4F-97AB-F7CBF799CCA4}
2011-12-16 13:35:54   --------   d-----w-   C:\Users\Owner\AppData\Local\{15F1C407-8A03-4D1D-9EF2-FE2E2A8F4211}
2011-12-16 13:35:44   --------   d-----w-   C:\Users\Owner\AppData\Local\{0A1515A0-9989-4B59-8492-902E986861A1}
2011-12-15 12:07:42   --------   d-----w-   C:\Users\Owner\AppData\Local\{8AFF38ED-CF0D-47E3-9E54-4C47E6F51777}
2011-12-15 12:07:32   --------   d-----w-   C:\Users\Owner\AppData\Local\{969B510F-239D-40CD-BFC3-6496679E215D}
2011-12-15 11:59:26   --------   d-----w-   C:\ProgramData\Symantec
2011-12-15 11:59:22   --------   d-----w-   C:\Windows\System32\drivers\NSSx64\0306010.00B
2011-12-15 11:59:22   --------   d-----w-   C:\Windows\System32\drivers\NSSx64
2011-12-15 11:59:21   --------   d-----w-   C:\ProgramData\Norton
2011-12-15 11:59:20   --------   d-----w-   C:\ProgramData\NortonInstaller
2011-12-15 11:59:20   --------   d-----w-   C:\Program Files (x86)\NortonInstaller
2011-12-14 21:46:59   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2011-12-14 21:46:51   3145216   ----a-w-   C:\Windows\System32\win32k.sys
2011-12-14 21:46:43   723456   ----a-w-   C:\Windows\System32\EncDec.dll
2011-12-14 21:46:43   534528   ----a-w-   C:\Windows\SysWow64\EncDec.dll
2011-12-14 21:46:38   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2011-12-14 21:46:38   2048   ----a-w-   C:\Windows\System32\tzres.dll
2011-12-14 11:17:15   --------   d-----w-   C:\Users\Owner\AppData\Local\{E2695C2F-C55B-48F8-9F49-083D377EC627}
2011-12-14 11:17:04   --------   d-----w-   C:\Users\Owner\AppData\Local\{0520B2A0-A5C6-42C3-80A8-0A42FF238C7F}
2011-12-13 13:31:48   --------   d-----w-   C:\Users\Owner\AppData\Local\{5B032F0B-83EE-4FD2-A5B3-216F29B65298}
2011-12-13 13:31:36   --------   d-----w-   C:\Users\Owner\AppData\Local\{3F9B0CFB-D63E-436B-A595-8746402780FB}
2011-12-13 01:20:02   --------   d-----w-   C:\Users\Owner\AppData\Local\{B9FCF95B-D5C5-4256-AC9B-71FC12A05945}
2011-12-13 01:19:50   --------   d-----w-   C:\Users\Owner\AppData\Local\{6FBCB4FB-9DF4-44F6-8990-C3F0EC2DD7D3}
2011-12-12 11:05:06   --------   d-----w-   C:\Users\Owner\AppData\Local\{F00AA1B2-0C8E-4E52-868E-AF60B2775FC1}
2011-12-12 11:04:55   --------   d-----w-   C:\Users\Owner\AppData\Local\{6DB722B6-BBF6-4D9F-8838-DF0173040178}
.
==================== Find3M  ====================
.
2011-12-10 20:24:08   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-11-30 12:35:38   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2011-11-30 12:35:37   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2011-11-28 18:01:25   41184   ----a-w-   C:\Windows\avastSS.scr
2011-11-28 17:54:44   140120   ----a-w-   C:\Windows\System32\drivers\aswFW.sys
2011-11-28 17:54:06   591192   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:53:28   258392   ----a-w-   C:\Windows\System32\drivers\aswNdis2.sys
2011-11-28 17:52:11   66904   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-14 12:22:49   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39   2309120   ----a-w-   C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47   1390080   ----a-w-   C:\Windows\System32\wininet.dll
2011-11-04 01:44:21   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42   1798144   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-10-24 18:29:02   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
2011-10-20 23:26:22   94208   ----a-w-   C:\Windows\SysWow64\dpl100.dll
.
============= FINISH: 23:16:41.31 ===============


Offline Horton
Re: Windows 7 Internet Security 2012 infection.
« Reply #12 on: January 11, 2012, 12:36:25 PM »
Good-day M.R. Everything seems to be quiet, no rogues running havoc, no errant boxes showing results of scamming scans. I don't know what happened to the nasty little trouble maker??????

Winchester thought I may have edited or added a paragraph on one of my posts.........Not so.

The only editing I have done was on my post before this one, where I added a sentence..... referring to the TDSSKiller scan....."It did not find anything, so there was nothing to report."

If you require any other information or for me to carry out any other actions please let me know.
Thank you.

Offline Corrine
Re: Windows 7 Internet Security 2012 infection.
« Reply #13 on: January 11, 2012, 03:53:32 PM »
Hi, Horton. 

Something strange is going on.  Unless my eyes are deceiving me, C:\Users\Owner\AppData\Local\jjw.exe (which is cloaked malware and a definite sign of the Win 7 Antivirus 2012 rogue) seems to have disappeared from the list of created files.

Can you access the Security Center?  Is your Firewall working?

Let's start by updating Java because you have an outdated, vulnerable version installed.  Go to http://java.com/en/download/manual.jsp for the latest version.

Next, please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.
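As an added defender-side example (not from the thread, and not part of DDS or ComboFix), here is a small Python parser for the DDS file-listing lines quoted above. It flags executables under AppData\Local and GUID-named directories there, and reports paths that were present in an earlier listing but vanished from a later one, which is the observation made in Reply #13 about jjw.exe. The sample lines are constructed for the example; the jjw.exe path is the one named in the reply, its timestamp and size are made up.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Set

# DDS file-listing line: "<date> <time>   <size or -------->   <attrs>   <path>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
GUID_RE = re.compile(r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl"}

@dataclass(frozen=True)
class Entry:
    stamp: str
    size: Optional[int]   # None for directories, which DDS prints as "--------"
    attrs: str
    path: str

def parse_dds(text: str) -> List[Entry]:
    """Parse the file-listing lines of a DDS log; headers and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        entries.append(Entry(stamp, None if size.startswith("-") else int(size), attrs, path))
    return entries

def flag_entry(e: Entry) -> List[str]:
    """Review heuristics (not verdicts): executables and GUID-named dirs under AppData\\Local."""
    p = PureWindowsPath(e.path)
    reasons = []
    if "\\appdata\\local\\" in e.path.lower():
        if e.size is not None and p.suffix.lower() in EXEC_EXT:
            reasons.append("executable under AppData\\Local")
        if e.size is None and GUID_RE.match(p.name):
            reasons.append("GUID-named directory under AppData\\Local")
    return reasons

def missing_from(previous: List[Entry], current: List[Entry]) -> Set[str]:
    """Paths listed in an earlier log but absent from a later one."""
    return {e.path for e in previous} - {e.path for e in current}

# Constructed sample listings in DDS format (one real-looking rogue path, invented time/size).
EARLIER = r"""
2011-12-15 12:07:42   --------   d-----w-   C:\Users\Owner\AppData\Local\{8AFF38ED-CF0D-47E3-9E54-4C47E6F51777}
2011-12-14 21:46:59   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2011-12-11 09:00:00   123456   ----a-w-   C:\Users\Owner\AppData\Local\jjw.exe
"""
LATER = r"""
2011-12-15 12:07:42   --------   d-----w-   C:\Users\Owner\AppData\Local\{8AFF38ED-CF0D-47E3-9E54-4C47E6F51777}
2011-12-14 21:46:59   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
"""
```

Running `missing_from(parse_dds(EARLIER), parse_dds(LATER))` returns the jjw.exe path, the kind of change that should prompt a closer look rather than relief.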

Offline Horton
Re: Windows 7 Internet Security 2012 infection.
« Reply #14 on: January 11, 2012, 07:15:24 PM »
M.R., I carried out your instructions, downloaded ComboFix, turned off Avast security and ran ComboFix.
It did its scan, no trouble, then logged off my computer.
When the computer came back up there was no ComboFix log anywhere to be found.
Any ideas on where I may find it?