Author Topic: add & remove items  (Read 9221 times)

Offline johnson55

  • Full Member
  • ***
  • Posts: 142
    • View Profile
add & remove items
« on: March 16, 2012, 02:04:59 PM »
I just got a new Windows 7 HP computer and have about 60 programs in Add & Remove.
Would anybody have a list of the mostly needed ones I got to keep?
 This new comp. isn't much faster than my old XP with only 512 memory.
I need to do some cleanup.
Thanks for any help
johnson55

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 14322
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: add & remove items
« Reply #1 on: March 16, 2012, 05:52:18 PM »
Hi, johnson55.

Without knowing what is installed on your computer, we cannot advise you.  Please post the logs requested below.  They will enable us to see what is on the computer.

Download DDS.scr by sUBs and save it to your desktop:  Link
  • Double-click dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear: DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both DDS.txt and Attach.txt logs and post in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline johnson55

Re: add & remove items
« Reply #2 on: March 17, 2012, 02:57:35 AM »
Thanks Corrine,
 You are home schooling me. I hope I done this right.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by jacobi678 at 22:49:32 on 2012-03-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.2713 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Zoom Downloader: {e5c66dd8-308b-4a4f-af0a-3d04f25b5343} - mscoree.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe -rem
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [WinPatrol Explorer] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AACA648C-CA36-4BFF-9259-744A8F274ACC} : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO-X64:     CrossriderApp0002258 - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64:     Babylon toolbar helper - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO-X64:     TBSB01620 - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
BHO-X64:     Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL
BHO-X64:     Norton Vulnerability Protection - No File
BHO-X64: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64:     TSBHO Class - No File
BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-X64:     Fantapper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO-X64:     IMinent WebBooster - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Zoom Downloader: {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} - mscoree.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64:     Yontoo Layers - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun-x64: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://blekko.com?source=c6125cca&tbp=homepage&toolbarid=blekkotb_001&u=201203125F254738BBE17C8D7E360158
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c6125cca&tbp=url&toolbarid=blekkotb_001&u=___userid___&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110014
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0a0226710000000000003860779ec705
FF - user.js: extensions.BabylonToolbar_i.hardId - 0a0226710000000000003860779ec705
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15411
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:07:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - f345d036-dd66-4a32-b9e3-08c109616990
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,dropdowndeals,buzzdock,toprelatedtopics,twittube,ezlooker
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-3-2 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120316.005\IDSviA64.sys [2012-3-16 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306010.008\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306010.008\SYMNETS.SYS [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccsvchst.exe [2012-3-8 138232]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-10 1128952]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-15 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-10 2656280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-13 138360]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-15 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-15 136176]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [2011-12-15 11776]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-15 04:17:10   5559152   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-03-15 04:17:09   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 04:17:09   3913584   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 14:43:11   3145728   ----a-w-   C:\Windows\System32\win32k.sys
2012-03-14 14:43:07   1544192   ----a-w-   C:\Windows\System32\DWrite.dll
2012-03-14 14:43:07   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2012-03-14 14:41:47   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2012-03-14 14:41:47   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 14:41:47   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 14:41:47   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2012-03-14 14:41:44   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
2012-03-14 14:41:44   77312   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-03-14 14:41:44   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-03-13 18:07:08   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{10466BD9-5035-4F65-8A21-73E182B7FE20}
2012-03-13 18:06:41   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{515FDBF1-0C4F-4ABF-86F8-77AF4EBE8119}
2012-03-13 15:02:31   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{DE8D2FEF-9F55-4418-AEBC-300B5FDE7DBD}
2012-03-13 15:01:54   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{C5595999-9687-4EDB-AC3F-7AC9A0F89BDD}
2012-03-13 03:49:00   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{B1CE2D00-6190-46AC-A3B4-43B03E909E2E}
2012-03-13 03:48:32   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{8048C8AA-28B0-408A-9081-2E8EDFE9B632}
2012-03-12 23:24:28   --------   d-----w-   C:\Users\jacobi678\AppData\Local\blekkotb_001
2012-03-12 23:24:22   --------   d-----w-   C:\ProgramData\Anti-phishing Domain Advisor
2012-03-12 23:24:20   --------   d-----w-   C:\Program Files (x86)\blekkotb
2012-03-12 23:24:14   --------   d-----w-   C:\Users\jacobi678\AppData\Local\jetmp3
2012-03-12 20:22:31   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{00061BA3-CA99-4120-BC7A-0BD3CD1751DB}
2012-03-12 20:22:30   --------   d-----w-   C:\ProgramData\InstallMate
2012-03-12 20:22:30   --------   d-----w-   C:\Program Files (x86)\BillP Studios
2012-03-12 20:22:14   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{CEA6C039-9A1B-4B8D-BF13-41796C61DE75}
2012-03-12 20:22:01   --------   d-----w-   C:\Users\jacobi678\Tracing
2012-03-12 20:19:15   --------   d-----w-   C:\Users\jacobi678\AppData\Roaming\Iminent
2012-03-12 20:19:14   --------   d-----w-   C:\Program Files (x86)\IMinent Toolbar
2012-03-12 20:19:13   75264   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.20.dll
2012-03-12 20:19:13   73216   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.90.dll
2012-03-12 20:19:13   73216   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.80.dll
2012-03-12 20:19:13   73216   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.70.dll
2012-03-12 20:19:13   73216   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.60.dll
2012-03-12 20:19:13   72704   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.50.dll
2012-03-12 20:19:13   67072   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components\Iminent.WebBooster.XPCOM.18.dll
2012-03-12 20:19:11   --------   d-----w-   C:\ProgramData\Iminent
2012-03-12 20:18:54   --------   d-----w-   C:\Program Files (x86)\Iminent
2012-03-12 20:18:12   --------   d-----w-   C:\Program Files (x86)\Brand Affinity Technologies
2012-03-12 20:18:04   --------   d-----w-   C:\Users\jacobi678\AppData\Local\I Want This
2012-03-12 20:18:03   --------   d-----w-   C:\Program Files (x86)\I Want This
2012-03-12 20:17:16   --------   d-----w-   C:\Program Files (x86)\Yontoo
2012-03-12 20:17:15   --------   d-----w-   C:\ProgramData\Tarma Installer
2012-03-12 20:07:13   --------   d-----w-   C:\Program Files (x86)\BabylonToolbar
2012-03-12 20:06:48   --------   d-----w-   C:\Users\jacobi678\AppData\Roaming\Babylon
2012-03-12 20:06:48   --------   d-----w-   C:\Users\jacobi678\AppData\Local\Babylon
2012-03-12 20:06:48   --------   d-----w-   C:\ProgramData\Babylon
2012-03-12 20:06:35   --------   d-----w-   C:\Users\jacobi678\AppData\Local\Zoom_Downloader
2012-03-12 20:06:33   --------   d-----w-   C:\Program Files (x86)\Zoom Downloader
2012-03-11 16:00:07   --------   d-----w-   C:\ProgramData\McAfee Security Scan
2012-03-11 16:00:07   --------   d-----w-   C:\Program Files (x86)\McAfee Security Scan
2012-03-10 05:55:50   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{0113F843-E1D2-4F8E-9430-B2D69BEE33F7}
2012-03-10 05:55:23   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{A8E85387-735E-49A9-AE4F-5D9F147399B8}
2012-03-09 04:30:10   738936   ----a-w-   C:\Windows\System32\drivers\NISx64\1306010.008\srtsp64.sys
2012-03-09 04:30:10   451192   ----a-r-   C:\Windows\System32\drivers\NISx64\1306010.008\symds64.sys
2012-03-09 04:30:10   405624   ----a-w-   C:\Windows\System32\drivers\NISx64\1306010.008\symnets.sys
2012-03-09 04:30:10   37496   ----a-w-   C:\Windows\System32\drivers\NISx64\1306010.008\srtspx64.sys
2012-03-09 04:30:10   190072   ----a-w-   C:\Windows\System32\drivers\NISx64\1306010.008\ironx64.sys
2012-03-09 04:30:10   167048   ----a-w-   C:\Windows\System32\drivers\NISx64\1306010.008\ccsetx64.sys
2012-03-09 04:30:10   1092728   ----a-w-   C:\Windows\System32\drivers\NISx64\1306010.008\symefa64.sys
2012-03-09 04:30:04   --------   d-----w-   C:\Windows\System32\drivers\NISx64\1306010.008
2012-03-07 05:28:23   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{F05C811E-CB85-46DC-99CE-D3CBFC18FE3C}
2012-03-07 05:28:06   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{F4B3365C-7526-4144-B1EA-82FFF57F917B}
2012-03-07 05:06:23   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{E36D14A5-B36D-4C3A-BB78-8C73F2557399}
2012-03-07 05:05:59   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{C2CECCE5-0423-4EA1-B62E-FFB3884349AF}
2012-03-07 04:25:10   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{B5DD9E2A-FB7A-4BC4-BF6E-FBC7D2AF50E3}
2012-03-07 04:25:10   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{8E3BD410-367F-4A06-818D-445FF94FE853}
2012-03-04 23:39:58   162664   ----a-w-   C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-02 19:12:05   --------   d-----w-   C:\Users\jacobi678\AppData\Local\Windows Live
2012-03-02 19:11:19   --------   d-----w-   C:\Users\jacobi678\AppData\Local\{E62B5E51-0B87-43DB-83A3-D9D7DBE642CB}
2012-03-02 00:30:13   --------   d-----w-   C:\ProgramData\VirtualizedApplications
2012-03-01 05:19:29   --------   d-----w-   C:\Users\jacobi678\AppData\Local\Microsoft Help
2012-03-01 05:16:12   --------   d-----w-   C:\Users\jacobi678\AppData\Roaming\SoftGrid Client
2012-03-01 05:16:12   --------   d-----w-   C:\Users\jacobi678\AppData\Local\SoftGrid Client
2012-03-01 05:15:38   --------   d-----w-   C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-03-01 05:15:30   --------   d-----w-   C:\Users\jacobi678\AppData\Roaming\TP
2012-02-27 04:43:10   --------   d-----w-   C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-27 04:42:48   --------   d-----w-   C:\Users\jacobi678\AppData\Roaming\hpqLog
2012-02-27 04:42:12   --------   d-----w-   C:\Users\jacobi678\AppData\Roaming\WinBatch
2012-02-25 15:31:10   --------   d-----w-   C:\Users\jacobi678\AppData\Roaming\Windows Live Writer
2012-02-25 15:31:10   --------   d-----w-   C:\Users\jacobi678\AppData\Local\Windows Live Writer
2012-02-24 15:24:43   1658880   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2012-02-20 20:25:15   --------   d-----w-   C:\ProgramData\Blio
2012-02-20 20:25:14   --------   d-----w-   C:\Users\jacobi678\AppData\Roaming\Blio
2012-02-17 20:02:05   --------   d-----w-   C:\Users\jacobi678\Pavark
2012-02-17 06:53:29   --------   d-----w-   C:\Program Files (x86)\Yahoo!
2012-02-17 02:47:35   --------   d-----w-   C:\Users\jacobi678\AppData\Local\Diagnostics
2012-02-17 02:35:51   --------   d-----w-   C:\Users\jacobi678\AppData\Roaming\WinPatrol
2012-02-17 02:28:22   118784   ----a-w-   C:\Windows\SysWow64\MSSTDFMT.DLL
2012-02-17 02:28:22   --------   d-----w-   C:\Program Files (x86)\SpywareBlaster
2012-02-16 17:22:28   --------   d-----w-   C:\Users\jacobi678\AppData\Local\CrashDumps
.
==================== Find3M  ====================
.
2012-03-15 03:57:09   175736   ----a-w-   C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-11 16:01:48   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20   509952   ----a-w-   C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41   442880   ----a-w-   C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08   515584   ----a-w-   C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56   478720   ----a-w-   C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24   498688   ----a-w-   C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 22:49:59.19 ===============

Online Corrine

Re: add & remove items
« Reply #3 on: March 17, 2012, 01:07:14 PM »
Hi, johnson55.

Whew!  There's a fair amount of junk there already.  Please provide a copy of Attach.txt as well.



Offline johnson55

Re: add & remove items
« Reply #4 on: March 17, 2012, 01:57:39 PM »
Corrine,
 I feel dumb about this but I don't think the attach.txt appeared.
How do I find that guy?

Online Corrine

Re: add & remove items
« Reply #5 on: March 17, 2012, 03:39:16 PM »
Hi, johnson55.

If you didn't "Save the logs to a convenient place such as your desktop", please run DDS.scr again.  Wait for both logs to appear and then just open the attach.txt to post here.



Offline johnson55

Re: add & remove items
« Reply #6 on: March 17, 2012, 06:00:04 PM »
Corrine,
 I tried it 5 times and I can't get the attach.txt to show up.
I get the page with the 1.drscv 2.attachtxt but there's only no. 1 file to copy.
I've done it with both computers. What am I doing wrong? And if I do get this
attachtxt, how do I do the unzipping?
I'm getting to be a pest
johnson

Offline johnson55

Re: add & remove items
« Reply #7 on: March 17, 2012, 06:10:45 PM »
Corrine, I'm back again with better news.
I got the attachtxt in Notepad and need to zip it up and send it.
I don't remember how. Could you enlighten me?
I don't know how it got in my taskbar in Notepad.
johnson55

Offline Paddy

  • LandzDown Team
  • Hero Member
  • *****
  • Posts: 1415
    • View Profile
Re: add & remove items
« Reply #8 on: March 17, 2012, 06:54:05 PM »
No need to zip it, just copy and paste it into a reply.

Paddy.. :Hammys pint:
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Online Corrine

Re: add & remove items
« Reply #9 on: March 17, 2012, 08:51:12 PM »
Thanks, Paddy.   It is confusing because some sites prefer the log be zipped and attached, although I cannot figure out why since it is important to review both logs.

johnson55, as Paddy said, just copy/paste the log from Notepad.  The reason it was in your taskbar is because the first log (log.txt) is opened to copy/paste first while the second log (attach.txt) sits in the taskbar waiting its turn.   (In the event you do attach the log, don't worry, I'll extract the contents and post it anyway. :) )



Offline johnson55

Re: add & remove items
« Reply #10 on: March 17, 2012, 09:05:44 PM »
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/10/2012 4:25:24 PM
System Uptime: 3/17/2012 12:04:45 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AC2
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 882.547 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.43 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP11: 2/15/2012 4:49:03 PM - ARO 2012 - Before Installation
RP12: 2/15/2012 4:49:36 PM - ARO 2012 - FIRST RUN
RP13: 2/16/2012 8:01:56 PM - Windows Update
RP14: 2/19/2012 9:44:46 AM - 1st one on w-7
RP15: 2/20/2012 2:27:43 PM - Removed Blio.
RP16: 2/21/2012 3:41:40 PM - Windows Update
RP17: 2/25/2012 11:01:44 PM - Windows Update
RP18: 2/26/2012 9:57:42 AM - Windows Update
RP19: 2/26/2012 10:43:16 PM - Installed HP Support Assistant
RP20: 2/26/2012 10:45:57 PM - Windows Modules Installer
RP21: 2/26/2012 10:46:25 PM - Windows Modules Installer
RP22: 3/1/2012 10:17:27 PM - Windows Update
RP23: 3/14/2012 11:15:03 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Agatha Christie - Peril at End House
Anti-phishing Domain Advisor
Babylon toolbar on IE
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Cake Mania
Chronicles of Albian
Chuzzle Deluxe
Cradle of Rome 2
D3DX10
Fantapper Player
Farm Frenzy
FATE
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP Games
HP LinkUp
HP MovieStore
HP Odometer
HP Setup
HP Setup Manager
HP SimplePass PE 2011
HP Support Assistant
HP Support Information
HP Update
I Want This
Iminent
IMinent Toolbar
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
JetMP3
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Kobo
LabelPrint
Mah Jong Medley
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Mesh Runtime
Microsoft Mathematics
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
Norton Internet Security
Norton Online Backup
PDF Complete Special Edition
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PressReader
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Slingo Supreme
Spam Free Search Bar
Spybot - Search & Destroy
SpywareBlaster 4.6
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
VIP Access SDK (1.0.1.4)
Virtual Villagers 5 - New Believers
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Install Manager
Zinio Reader 4
Zoom Downloader
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/17/2012 9:18:27 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/17/2012 9:18:27 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/17/2012 9:18:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/17/2012 9:17:57 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/17/2012 9:17:57 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
3/15/2012 10:07:14 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
3/13/2012 12:44:26 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

Online Corrine

Re: add & remove items
« Reply #11 on: March 18, 2012, 10:24:49 PM »
Hi, johnson55.

Thank you for the extra log.  It is very helpful.

Let's start by doing some removal.  First, McAfee Security Scan Plus was apparently included in an Adobe update.  Watch those pre-checked options when installing software.  I suggest you uninstall it.

Next, the following programs are classified as malware, spyware, adware, or other potentially unwanted software and need to be uninstalled: 

Babylon toolbar on IE
Fantapper Player
I Want This
Iminent
IMinent Toolbar


Following that, due to both the likelihood that they will not cleanly uninstall plus the added questionable nature of at least one of the programs, please do the following:

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.


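The review done by eye in Reply #11, as an added example that is not part of the original thread or of DDS: a Python script that splits an Attach.txt log into its `====` sections, checks the Installed Programs section against a reviewer-supplied watchlist, and counts Event Viewer errors by source and event ID. The function names and the `WATCHLIST` constant are assumptions of this example; the sample log is abridged from the one posted in Reply #10.

```python
import re
from collections import Counter

# Abridged from the Attach.txt posted in this thread (most entries omitted).
SAMPLE_ATTACH = """\
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 882.547 GiB free.
.
==== Installed Programs ======================
.
Adobe AIR
Babylon toolbar on IE
Bing Bar
Fantapper Player
I Want This
Iminent
IMinent Toolbar
McAfee Security Scan Plus
Norton Internet Security
Zoom Downloader
.
==== Event Viewer Messages From Past Week ========
.
3/17/2012 9:18:27 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/17/2012 9:18:27 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/13/2012 12:44:26 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
"""

# Names the helper asked to have uninstalled in Reply #11.
# The watchlist is the reviewer's input; DDS itself does not classify anything.
WATCHLIST = (
    "Babylon toolbar on IE",
    "Fantapper Player",
    "I Want This",
    "Iminent",
    "IMinent Toolbar",
    "McAfee Security Scan Plus",
)

# "==== Installed Programs ======" -> "Installed Programs"
SECTION_RE = re.compile(r"^={2,}\s*(.+?)\s*={2,}\s*$")
# "<date> <time> AM|PM, <level>: <source> [<event id>]  - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\S+ \S+ [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\]\s+- (?P<msg>.*)$"
)


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}; '.' separators are dropped."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def flag_programs(programs, watchlist=WATCHLIST):
    """Return installed programs whose name contains a watchlist entry (case-insensitive)."""
    needles = [entry.casefold() for entry in watchlist]
    return [p for p in programs if any(n in p.casefold() for n in needles)]


def summarize_events(lines):
    """Count events per (source, event id); lines that do not parse are returned, not dropped."""
    counts, unparsed = Counter(), []
    for line in lines:
        match = EVENT_RE.match(line)
        if match:
            counts[(match["source"], int(match["id"]))] += 1
        else:
            unparsed.append(line)
    return counts, unparsed


def triage(text):
    """Run both checks over one Attach.txt and return the findings."""
    sections = parse_sections(text)
    flagged = flag_programs(sections.get("Installed Programs", []))
    counts, unparsed = summarize_events(
        sections.get("Event Viewer Messages From Past Week", [])
    )
    return {"flagged": flagged, "events": counts, "unparsed_events": unparsed}


if __name__ == "__main__":
    report = triage(SAMPLE_ATTACH)
    print("Review for removal:", *report["flagged"], sep="\n  ")
    for (source, event_id), n in report["events"].most_common():
        print(f"{n}x {source} [{event_id}]")
```

Substring matching means a watchlist entry such as "Iminent" also catches "IMinent Toolbar"; a program that is flagged still needs a human decision before it is uninstalled.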

Offline johnson55

Re: add & remove items
« Reply #12 on: March 19, 2012, 02:46:43 PM »
Corrine, I done that ComboFix and got it on the desktop but my email didn't work and I couldn't sign in at
landzdown and a lot of things worked very unusual. I hope I didn't goof up this new computer. I tried to send
the attach file on desktop but it said this area was empty so maybe writing something in this area will help.
I hope now the attach will add on to this.

Offline johnson55

Re: add & remove items
« Reply #13 on: March 19, 2012, 02:52:58 PM »
Try it again

Offline MikeW

  • LzD Friends
  • Sr. Member
  • *****
  • Posts: 268
    • View Profile
Re: add & remove items
« Reply #14 on: March 19, 2012, 02:58:07 PM »
Here is a cut and paste

ComboFix 12-03-18.01 - jacobi678 03/19/2012  10:06:01.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.2560 [GMT -5:00]
Running from: c:\users\jacobi678\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\jacobi678\Documents\notepad.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-19 to 2012-03-19  )))))))))))))))))))))))))))))))
.
.
2012-03-19 15:08 . 2012-03-19 15:08   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-03-18 22:47 . 2012-03-18 22:47   --------   d-----w-   c:\windows\en
2012-03-18 22:46 . 2012-03-18 22:46   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-18 22:45 . 2012-03-18 22:45   15712   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\ca474e921cd055802\MeshBetaRemover.exe
2012-03-15 04:17 . 2011-11-19 15:20   5559152   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-03-15 04:17 . 2011-11-19 14:50   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 04:17 . 2011-11-19 14:50   3913584   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 14:43 . 2012-02-03 04:34   3145728   ----a-w-   c:\windows\system32\win32k.sys
2012-03-14 14:43 . 2012-02-10 06:36   1544192   ----a-w-   c:\windows\system32\DWrite.dll
2012-03-14 14:43 . 2012-02-10 05:38   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
2012-03-14 14:41 . 2012-02-17 06:38   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-03-14 14:41 . 2012-02-17 05:34   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:41 . 2012-02-17 04:58   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:41 . 2012-02-17 04:57   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-03-14 14:41 . 2012-01-25 06:38   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
2012-03-14 14:41 . 2012-01-25 06:38   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:41 . 2012-01-25 06:33   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
2012-03-12 23:24 . 2012-03-12 23:24   --------   d-----w-   c:\users\jacobi678\AppData\Local\blekkotb_001
2012-03-12 23:24 . 2012-03-12 23:24   --------   d-----w-   c:\programdata\Anti-phishing Domain Advisor
2012-03-12 23:24 . 2012-03-12 23:24   --------   d-----w-   c:\program files (x86)\blekkotb
2012-03-12 23:24 . 2012-03-12 23:24   --------   d-----w-   c:\users\jacobi678\AppData\Local\jetmp3
2012-03-12 20:22 . 2012-03-16 03:55   --------   d-----w-   c:\programdata\InstallMate
2012-03-12 20:22 . 2012-03-12 20:22   --------   d-----w-   c:\program files (x86)\BillP Studios
2012-03-12 20:22 . 2012-03-14 03:27   --------   d-----w-   c:\users\jacobi678\Tracing
2012-03-12 20:17 . 2012-03-12 20:17   --------   d-----w-   c:\program files (x86)\Yontoo
2012-03-12 20:07 . 2012-03-12 20:07   237   ----a-w-   C:\user.js
2012-03-12 20:06 . 2012-03-12 20:06   --------   d-----w-   c:\users\jacobi678\AppData\Roaming\Babylon
2012-03-12 20:06 . 2012-03-12 20:06   --------   d-----w-   c:\users\jacobi678\AppData\Local\Babylon
2012-03-12 20:06 . 2012-03-12 20:06   --------   d-----w-   c:\programdata\Babylon
2012-03-12 20:06 . 2012-03-12 20:06   --------   d-----w-   c:\users\jacobi678\AppData\Local\Zoom_Downloader
2012-03-12 20:06 . 2012-03-12 20:06   --------   d-----w-   c:\program files (x86)\Zoom Downloader
2012-03-11 16:00 . 2012-03-11 16:00   --------   d-----w-   c:\windows\system32\Macromed
2012-03-11 16:00 . 2012-03-11 16:00   --------   d-----w-   c:\programdata\McAfee
2012-03-09 04:30 . 2012-03-15 15:05   --------   d-----w-   c:\windows\system32\drivers\NISx64\1306010.008
2012-03-04 23:39 . 2012-03-04 23:39   162664   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-02 19:12 . 2012-03-13 18:06   --------   d-----w-   c:\users\jacobi678\AppData\Local\Windows Live
2012-03-02 00:30 . 2012-03-02 00:30   --------   d-----w-   c:\programdata\VirtualizedApplications
2012-03-01 05:19 . 2012-03-01 05:19   --------   d-----w-   c:\users\jacobi678\AppData\Local\Microsoft Help
2012-03-01 05:19 . 2012-03-01 05:19   --------   d-----w-   c:\programdata\Microsoft Help
2012-03-01 05:16 . 2012-03-12 03:55   --------   d-----w-   c:\users\jacobi678\AppData\Roaming\SoftGrid Client
2012-03-01 05:16 . 2012-03-01 05:16   --------   d-----w-   c:\users\jacobi678\AppData\Local\SoftGrid Client
2012-03-01 05:15 . 2012-03-02 04:17   --------   d-----w-   c:\program files (x86)\Microsoft Application Virtualization Client
2012-03-01 05:15 . 2012-03-01 05:16   --------   d-----w-   c:\users\jacobi678\AppData\Roaming\TP
2012-02-27 04:43 . 2012-02-27 04:43   --------   d-----w-   c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-27 04:42 . 2012-02-27 04:44   --------   d-----w-   c:\users\jacobi678\AppData\Roaming\hpqLog
2012-02-27 04:42 . 2012-02-27 04:42   --------   d-----w-   c:\users\jacobi678\AppData\Roaming\WinBatch
2012-02-25 15:31 . 2012-03-07 05:21   --------   d-----w-   c:\users\jacobi678\AppData\Local\Windows Live Writer
2012-02-25 15:31 . 2012-03-07 05:08   --------   d-----w-   c:\users\jacobi678\AppData\Roaming\Windows Live Writer
2012-02-23 20:04 . 2012-02-23 20:04   --------   d-----w-   c:\users\jacobi678\AppData\Local\Mozilla
2012-02-20 20:25 . 2012-02-20 20:25   --------   d-----w-   c:\programdata\Blio
2012-02-20 20:25 . 2012-02-20 20:26   --------   d-----w-   c:\users\jacobi678\AppData\Roaming\Blio
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 03:57 . 2011-09-10 05:17   175736   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-11 16:01 . 2011-09-10 05:12   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-15 06:55   509952   ----a-w-   c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 06:55   442880   ----a-w-   c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 06:54   515584   ----a-w-   c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 06:54   478720   ----a-w-   c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 06:54   498688   ----a-w-   c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
2010-11-21 03:24   297808   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WinPatrol Explorer"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe" [2012-02-24 670312]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120316.005\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306010.008\SYMNETS.SYS

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe [2012-01-17 138232]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 138360]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 22:32]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 22:32]
.
2012-03-18 c:\windows\Tasks\HPCeeScheduleForjacobi678.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-02-24 328800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c6125cca&tbp=url&toolbarid=blekkotb_001&u=___userid___&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110014
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0a0226710000000000003860779ec705
FF - user.js: extensions.BabylonToolbar_i.hardId - 0a0226710000000000003860779ec705
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15411
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - f345d036-dd66-4a32-b9e3-08c109616990
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,dropdowndeals,buzzdock,toprelatedtopics,twittube,ezlooker
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
AddRemove-YInstHelper - c:\windows\system32\regsvr32
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.1.8\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0c,34,6f,bc,7a,05,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-19  10:12:15 - machine was rebooted
ComboFix-quarantined-files.txt  2012-03-19 15:12
.
Pre-Run: 946,080,186,368 bytes free
Post-Run: 945,692,352,512 bytes free
.
- - End Of File - - 8905915A8DC885ADF426D58C9C114EA8
Win 7 Home Premium  IE11 MSE Mbam Pro